rebmit/nixos-config
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

services/caddy: init

Browse source
This commit is contained in:
Lu Wang 2024-12-14 21:10:44 +08:00
parent aa251818a2
commit 44cf0004f4
Signed by: rebmit
SSH key fingerprint: SHA256:3px8QV1zEerIrEWHaqtH5rR9kjetyRST5EipOPrd+bU
1 changed files with 22 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

22
nixos/profiles/services/caddy/default.nix Normal file
View file

@ -0,0 +1,22 @@
{ config, mylib, ... }:
{
services.caddy = {
enable = true;
enableReload = true;
};
systemd.services.caddy.serviceConfig = mylib.misc.serviceHardened // {
AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];
CapabilityBoundingSet = [ "CAP_NET_BIND_SERVICE" ];
};
systemd.services.caddy-api.serviceConfig = mylib.misc.serviceHardened // {
AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];
CapabilityBoundingSet = [ "CAP_NET_BIND_SERVICE" ];
};
services.restic.backups.b2.paths = [
config.services.caddy.logDir
config.services.caddy.dataDir
];
}