2025-07-27 14:53:26 -05:00
|
|
|
{ config, flake, ... }:
|
|
|
|
|
let
|
|
|
|
|
inherit (flake.config.services.instances)
|
|
|
|
|
prompter
|
|
|
|
|
;
|
|
|
|
|
service = prompter;
|
|
|
|
|
host = prompter.domains.url0;
|
|
|
|
|
in
|
|
|
|
|
{
|
|
|
|
|
services = {
|
|
|
|
|
caddy = {
|
2025-07-27 15:53:58 -05:00
|
|
|
environmentFile = config.sops.secrets."caddy/${service.name}-auth".path;
|
2025-07-27 14:53:26 -05:00
|
|
|
|
|
|
|
|
virtualHosts = {
|
|
|
|
|
"${host}" = {
|
|
|
|
|
extraConfig = ''
|
|
|
|
|
basicauth {
|
|
|
|
|
{$CADDY_AUTH_USER} {$CADDY_AUTH_PASSWORD_HASH}
|
|
|
|
|
}
|
|
|
|
|
root * ${service.paths.path0}
|
|
|
|
|
file_server
|
|
|
|
|
encode gzip
|
|
|
|
|
try_files {path} /index.html
|
|
|
|
|
tls ${service.ssl.cert} ${service.ssl.key}
|
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
sops =
|
|
|
|
|
let
|
|
|
|
|
sopsPath = secret: {
|
2025-07-27 15:53:58 -05:00
|
|
|
path = "${service.sops.path0}/${service.name}-${secret}.env";
|
|
|
|
|
owner = "caddy";
|
|
|
|
|
mode = "0400";
|
2025-07-27 14:53:26 -05:00
|
|
|
};
|
|
|
|
|
in
|
|
|
|
|
{
|
2025-07-27 15:53:58 -05:00
|
|
|
secrets = {
|
|
|
|
|
"caddy/${service.name}-auth" = sopsPath "auth";
|
|
|
|
|
};
|
2025-07-27 14:53:26 -05:00
|
|
|
};
|
2025-07-27 15:53:58 -05:00
|
|
|
|
2025-07-27 14:53:26 -05:00
|
|
|
systemd.tmpfiles.rules = [
|
|
|
|
|
"Z ${service.paths.path0} 755 caddy caddy -"
|
|
|
|
|
"Z ${service.sops.path0} 755 caddy caddy -"
|
|
|
|
|
];
|
|
|
|
|
}
|
