caddy-proxy: Decouple configuration of virtualHosts from module

machines/proxy/configuration.nix

@@ -23,6 +23,39 @@
         plugins = [ "github.com/caddy-dns/cloudflare@74f004e1c1ab9056288f0baf3cd4b0039d6c77f3" ];
         vendorHash = "sha256-UYNFkGK4A7DJSmin4nCo9rUD60gx80e9YZodn7uEcUM=";
       };
+      proxyHosts = [
+        {
+          externalHostname = "home.datarift.nl";
+          proxyAddress = "homeassistant.barn-beaver.ts.net:8123";
+          external = true;
+        }
+        {
+          externalHostname = "frigate.datarift.nl";
+          proxyAddress = "frigate.barn-beaver.ts.net:5000";
+        }
+        {
+          externalHostname = "git.datarift.nl";
+          proxyAddress = "gitea.barn-beaver.ts.net:3000";
+          external = true;
+        }
+        {
+          externalHostname = "minio.datarift.nl";
+          proxyAddress = "minio.barn-beaver.ts.net:9000";
+          external = true;
+        }
+        {
+          externalHostname = "minio-admin.datarift.nl";
+          proxyAddress = "minio.barn-beaver.ts.net:9001";
+        }
+        {
+          externalHostname = "saga.datarift.nl";
+          proxyAddress = "saga.barn-beaver.ts.net:3000";
+        }
+        {
+          externalHostname = "unifi.datarift.nl";
+          proxyAddress = "unifi.barn-beaver.ts.net:8443";
+        }
+      ];
     };
     tailscale.enable = true;
   };

modules/caddy-proxy/default.nix

@@ -8,14 +8,25 @@ with lib;
 let
   cfg = config.eboskma.caddy-proxy;
 
+  proxyHost = types.submodule {
+    options = {
+      externalHostname = mkOption {
+        description = "Hostname where this service should be reached";
+        type = types.str;
+      };
+      proxyAddress = mkOption {
+        description = "Internal address where this service is reachable";
+        type = types.str;
+      };
+      external = mkEnableOption "Make this host externally reachable.";
+    };
+  };
+
   mkProxyHost = target: {
     extraConfig = ''
       reverse_proxy ${target}
 
-      tls {
+      import cloudflare-tls
-        dns cloudflare {env.CF_API_TOKEN}
-        propagation_timeout -1
-      }
     '';
   };
 
@@ -31,10 +42,7 @@ let
         error "Nope." 403
       }
 
-      tls {
+      import cloudflare-tls
-        dns cloudflare {env.CF_API_TOKEN}
-        propagation_timeout -1
-      }
     '';
   };
 in
@@ -42,6 +50,10 @@ in
   options.eboskma.caddy-proxy = {
     enable = mkEnableOption "Caddy proxy";
     package = mkPackageOption pkgs "caddy" { };
+    proxyHosts = mkOption {
+      description = "Proxy hosts";
+      type = types.listOf proxyHost;
+    };
   };
 
   config = mkIf cfg.enable {
@@ -53,16 +65,27 @@ in
 
       acmeCA = "https://acme-v02.api.letsencrypt.org/directory";
 
-      virtualHosts = {
+      extraConfig = ''
-        "home.datarift.nl" = mkProxyHost "homeassistant.barn-beaver.ts.net:8123";
+        (cloudflare-tls) {
-        "ci.datarift.nl" = mkProxyHost "ci.barn-beaver.ts.net:8100";
+            tls {
-        "frigate.datarift.nl" = mkLocalProxyHost "frigate.barn-beaver.ts.net:5000";
+                dns cloudflare {env.CF_API_TOKEN}
-        "git.datarift.nl" = mkProxyHost "gitea.barn-beaver.ts.net:3000";
+                propagation_timeout -1
-        "minio.datarift.nl" = mkProxyHost "minio.barn-beaver.ts.net:9000";
+            }
-        "minio-admin.datarift.nl" = mkLocalProxyHost "minio.barn-beaver.ts.net:9001";
+        }
-        "saga.datarift.nl" = mkLocalProxyHost "saga.barn-beaver.ts.net:3000";
+      '';
-        "unifi.datarift.nl" = mkLocalProxyHost "unifi.barn-beaver.ts.net:8443";
+
-      };
+      virtualHosts = builtins.listToAttrs (
+        map (
+          host:
+          let
+            mkProxy = if host ? external && host.external then mkProxyHost else mkLocalProxyHost;
+          in
+          {
+            name = host.externalHostname;
+            value = mkProxy host.proxyAddress;
+          }
+        ) cfg.proxyHosts
+      );
     };
 
     systemd.services.caddy.serviceConfig.EnvironmentFile = [ config.sops.secrets.caddy-env.path ];