{ config, lib, unstable, ... }: let cfg = config.profile.services.caddy; inherit (lib) mkIf attrsets strings lists ; in { config = mkIf cfg.enable { services.caddy = { enable = true; package = unstable.caddy; }; sops = { secrets = { "caddy/basic_auth/username" = { }; "caddy/basic_auth/password" = { }; }; templates."caddy/basic_auth.env".content = '' AUTH_USERNAME=${config.sops.placeholder."caddy/basic_auth/username"} AUTH_PASSWORD=${config.sops.placeholder."caddy/basic_auth/password"} ''; }; systemd.services.caddy.serviceConfig = { EnvironmentFile = [ config.sops.templates."caddy/basic_auth.env".path ]; }; services.caddy.globalConfig = # caddy '' servers { metrics } ''; environment.etc."caddy/static/tigor.web.id/index.html" = { text = let domains = attrsets.mapAttrsToList ( name: _: strings.removePrefix "https://" name ) config.services.caddy.virtualHosts; sortedDomains = lists.sort (a: b: a < b) domains; list = map ( domain: # html ''
${domain}
'') sortedDomains; items = strings.concatStringsSep "\n" list; in # html '' Hosted Sites

Hosted Sites

${items}
''; user = "caddy"; group = "caddy"; }; services.caddy.virtualHosts = { "router.tigor.web.id".extraConfig = '' @denied not remote_ip private_ranges respond @denied "Access denied" 403 reverse_proxy 192.168.100.1 ''; "tigor.web.id".extraConfig = '' root * /etc/caddy/static/tigor.web.id file_server ''; "crowfx.web.id".extraConfig = '' root * /etc/caddy/static/tigor.web.id file_server ''; }; environment.etc."alloy/config.alloy".text = # hcl '' local.file_match "caddy_access_log" { path_targets = [ { "__path__" = "/var/log/caddy/*.log", }, ] sync_period = "30s" } loki.source.file "caddy_access_log" { targets = local.file_match.caddy_access_log.targets forward_to = [loki.process.caddy_access_log.receiver] } loki.process "caddy_access_log" { forward_to = [loki.write.default.receiver] stage.json { expressions = { level = "", host = "request.host", method = "request.method", proto = "request.proto", ts = "", } } stage.labels { values = { level = "", host = "", method = "", proto = "", } } stage.label_drop { values = ["service_name"] } stage.static_labels { values = { job = "caddy_access_log", } } stage.timestamp { source = "ts" format = "unix" } } ''; }; }