2024-12-19 15:14:46 +08:00
|
|
|
{
|
|
|
|
|
config,
|
|
|
|
|
pkgs,
|
|
|
|
|
mylib,
|
|
|
|
|
...
|
|
|
|
|
}:
|
2024-12-14 21:10:44 +08:00
|
|
|
{
|
|
|
|
|
services.caddy = {
|
|
|
|
|
enable = true;
|
|
|
|
|
enableReload = true;
|
2024-12-19 15:14:46 +08:00
|
|
|
package = pkgs.caddy.withPlugins {
|
|
|
|
|
plugins = [ "github.com/mholt/caddy-l4@3c6cc2c0ee0875899fde271fbdef95be3fef7a92" ];
|
|
|
|
|
hash = "sha256-s5LzVOAvVsZxbhdgIdpe1OBSHIAc/tCi+1pEofeQx6k=";
|
|
|
|
|
};
|
2024-12-14 21:10:44 +08:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
systemd.services.caddy.serviceConfig = mylib.misc.serviceHardened // {
|
2024-12-20 21:41:02 +08:00
|
|
|
AmbientCapabilities = [
|
|
|
|
|
""
|
|
|
|
|
"CAP_NET_BIND_SERVICE"
|
|
|
|
|
];
|
|
|
|
|
CapabilityBoundingSet = [
|
|
|
|
|
""
|
|
|
|
|
"CAP_NET_BIND_SERVICE"
|
|
|
|
|
];
|
2024-12-14 21:10:44 +08:00
|
|
|
};
|
|
|
|
|
|
2024-12-16 20:08:14 +08:00
|
|
|
services.restic.backups.b2.paths = [ config.services.caddy.dataDir ];
|
2024-12-20 16:06:23 +08:00
|
|
|
|
|
|
|
|
services.caddy.globalConfig = ''
|
|
|
|
|
admin 127.0.0.1:${toString config.networking.ports.caddy-admin}
|
2024-12-22 22:20:43 +08:00
|
|
|
|
|
|
|
|
servers {
|
|
|
|
|
metrics
|
|
|
|
|
}
|
2024-12-20 16:06:23 +08:00
|
|
|
'';
|
2024-12-14 21:10:44 +08:00
|
|
|
}
|
