dotfiles/modules/nixos/homelab/caddy/config/opencloud/default.nix

{
  config,
  flake,
  ...
}:
let
  inherit (flake.config.services) instances;

  serviceCfg = instances.opencloud;
  interface0Cfg = serviceCfg.interfaces.interface0;
  interface1Cfg = serviceCfg.interfaces.interface1;
  dns0 = instances.web.dns.provider0;
  dns1 = instances.web.dns.provider1;
  host0 = interface1Cfg.domain;
  host1 = "${interface0Cfg.subdomain}.${flake.inputs.linkpage.secrets.domains.projectsite}";
  credPath = "/var/lib/acme/${host0}";
in
{
  security.acme.certs = {
    "${host0}" = {
      dnsProvider = dns0;
      environmentFile = config.sops.secrets."dns/${dns0}".path;
      group = "caddy";
    };
    "${host1}" = {
      dnsProvider = dns1;
      environmentFile = config.sops.secrets."dns/${dns1}".path;
      group = "caddy";
    };
  };

  services.caddy.virtualHosts = {
    "${host0}" = {
      extraConfig = ''
        reverse_proxy ${interface0Cfg.microvm.ip}:${toString serviceCfg.ports.port0} {
          header_up X-Real-IP {remote_host}
        }
        redir /.well-known/carddav /remote.php/dav/ 301
        redir /.well-known/caldav /remote.php/dav/ 301
        tls ${interface0Cfg.ssl.cert} ${interface0Cfg.ssl.key}
      '';
    };
    "${host1}" = {
      extraConfig = ''
        reverse_proxy ${interface1Cfg.microvm.ip}:${toString serviceCfg.ports.port0} {
          header_up X-Real-IP {remote_host}
        }
        redir /.well-known/carddav /remote.php/dav/ 301
        redir /.well-known/caldav /remote.php/dav/ 301
        tls ${credPath}/fullchain.pem ${credPath}/key.pem 
      '';
    };
  };
}
test: setting up nas structure 2025-12-08 22:25:13 -06:00			`{`
			`config,`
			`flake,`
			`...`
			`}:`
			`let`
			`inherit (flake.config.services) instances;`

			`serviceCfg = instances.opencloud;`
			`interface0Cfg = serviceCfg.interfaces.interface0;`
			`interface1Cfg = serviceCfg.interfaces.interface1;`
			`dns0 = instances.web.dns.provider0;`
			`dns1 = instances.web.dns.provider1;`
			`host0 = interface1Cfg.domain;`
			`host1 = "${interface0Cfg.subdomain}.${flake.inputs.linkpage.secrets.domains.projectsite}";`
			`credPath = "/var/lib/acme/${host0}";`
			`in`
			`{`
			`security.acme.certs = {`
			`"${host0}" = {`
			`dnsProvider = dns0;`
			`environmentFile = config.sops.secrets."dns/${dns0}".path;`
			`group = "caddy";`
			`};`
			`"${host1}" = {`
			`dnsProvider = dns1;`
			`environmentFile = config.sops.secrets."dns/${dns1}".path;`
			`group = "caddy";`
			`};`
			`};`

			`services.caddy.virtualHosts = {`
			`"${host0}" = {`
			`extraConfig = ''`
			`reverse_proxy ${interface0Cfg.microvm.ip}:${toString serviceCfg.ports.port0} {`
			`header_up X-Real-IP {remote_host}`
			`}`
			`redir /.well-known/carddav /remote.php/dav/ 301`
			`redir /.well-known/caldav /remote.php/dav/ 301`
			`tls ${interface0Cfg.ssl.cert} ${interface0Cfg.ssl.key}`
			`'';`
			`};`
			`"${host1}" = {`
			`extraConfig = ''`
			`reverse_proxy ${interface1Cfg.microvm.ip}:${toString serviceCfg.ports.port0} {`
			`header_up X-Real-IP {remote_host}`
			`}`
			`redir /.well-known/carddav /remote.php/dav/ 301`
			`redir /.well-known/caldav /remote.php/dav/ 301`
			`tls ${credPath}/fullchain.pem ${credPath}/key.pem`
			`'';`
			`};`
			`};`
			`}`