# NixOS module fragment for Caddy. When `config.profile.services.caddy.enable`
# is set it: enables Caddy from the `unstable` package set, renders
# sops-managed basic-auth credentials into an environment file for the caddy
# unit, turns on metrics in Caddy's global `servers` options, and generates a
# static index page listing the configured virtual hosts.
{ config, lib, unstable, ... }:
let
  cfg = config.profile.services.caddy;
  inherit (lib) mkIf attrsets strings lists ;
in
{
  config = mkIf cfg.enable {
    services.caddy = {
      enable = true;
      # Caddy is taken from the `unstable` module argument rather than the
      # default package of the services.caddy module.
      package = unstable.caddy;
    };
    sops = {
      # Both secrets are declared with default options (`{ }`), so owner and
      # mode are whatever sops-nix defaults to.
      secrets = {
        "caddy/basic_auth/username" = { };
        "caddy/basic_auth/password" = { };
      };
      # Only sops placeholders are written here; sops-nix substitutes the real
      # values when it renders the template, so the evaluated Nix string holds
      # no secret material.
      # NOTE(review): Caddy's basic_auth directive expects a password hash
      # (e.g. output of `caddy hash-password`), not plaintext. Presumably the
      # "caddy/basic_auth/password" secret stores the hash; confirm.
      templates."caddy/basic_auth.env".content = ''
        AUTH_USERNAME=${config.sops.placeholder."caddy/basic_auth/username"}
        AUTH_PASSWORD=${config.sops.placeholder."caddy/basic_auth/password"}
      '';
    };
    # Loads the rendered template into the caddy unit's environment.
    # Presumably consumed as {$AUTH_USERNAME} / {$AUTH_PASSWORD} in a Caddyfile
    # that is not visible here. Every process started by the unit inherits
    # these variables.
    systemd.services.caddy.serviceConfig = {
      EnvironmentFile = [ config.sops.templates."caddy/basic_auth.env".path ];
    };
    # Enables metrics under the global `servers` options. Where the metrics
    # are exposed is not configured in the visible part of this file.
    # NOTE(review): confirm the metrics endpoint is not reachable from
    # untrusted networks.
    services.caddy.globalConfig = # caddy
      ''
        servers {
          metrics
        }
      '';
    # Static index page written under /etc. Its body is built from the
    # attribute names of services.caddy.virtualHosts.
    # NOTE(review): the domain list covers every virtual host defined on this
    # machine. If this page is publicly served, confirm that no internal-only
    # hostnames should be left out.
    environment.etc."caddy/static/tigor.web.id/index.html" = {
      text =
        let
          # Virtual host names with a leading "https://" stripped.
          domains = attrsets.mapAttrsToList (
            name: _: strings.removePrefix "https://" name
          ) config.services.caddy.virtualHosts;
          # Ascending order by string comparison.
          sortedDomains = lists.sort (a: b: a < b) domains;
          # One HTML fragment per domain. The per-domain template string is
          # empty in this view of the file.
          list = map (
            domain: # html
            ''
            ''
          ) sortedDomains;
          # Fragments joined with newlines for insertion into the page.
          items = strings.concatStringsSep "\n" list;
        in
        # html
        ''