34 lines
726 B
Nix
34 lines
726 B
Nix
{
|
|
config,
|
|
pkgs,
|
|
mylib,
|
|
...
|
|
}:
|
|
{
|
|
services.caddy = {
|
|
enable = true;
|
|
enableReload = true;
|
|
package = pkgs.caddy.withPlugins {
|
|
plugins = [ "github.com/mholt/caddy-l4@3c6cc2c0ee0875899fde271fbdef95be3fef7a92" ];
|
|
hash = "sha256-s5LzVOAvVsZxbhdgIdpe1OBSHIAc/tCi+1pEofeQx6k=";
|
|
};
|
|
};
|
|
|
|
systemd.services.caddy.serviceConfig = mylib.misc.serviceHardened // {
|
|
AmbientCapabilities = [
|
|
""
|
|
"CAP_NET_BIND_SERVICE"
|
|
];
|
|
CapabilityBoundingSet = [
|
|
""
|
|
"CAP_NET_BIND_SERVICE"
|
|
];
|
|
};
|
|
|
|
services.restic.backups.b2.paths = [ config.services.caddy.dataDir ];
|
|
|
|
services.caddy.globalConfig = ''
|
|
admin 127.0.0.1:${toString config.networking.ports.caddy-admin}
|
|
'';
|
|
}
|