# NixOS module fragment: runs Caddy as a TLS-terminating reverse proxy for the
# opencloud host name, requests an ACME certificate for that name through a
# DNS provider, and opens the Caddy instance's two ports in the firewall.
{ flake, config, ... }:
let
  inherit (flake.config.services) instances;
  inherit (flake.config.machines.devices) eris;
  opencloud = instances.opencloud0;
  dns = instances.web.dns.provider0;
  # Same value as the virtual-host key below (opencloud.domains.url0).
  opencloudHost = opencloud.domains.url0;
  # Name of the sops secret holding the DNS provider credentials.
  # presumably declared under sops.secrets elsewhere; not visible here.
  dnsPath = "dns/${dns}";
  # Ports used below (upstream port and firewall) come from the caddy instance.
  service = instances.caddy;
in
{
  services.caddy = {
    enable = true;
    virtualHosts = {
      "${opencloud.domains.url0}" = {
        # NOTE(review): the upstream is eris.ip.address0 on the *caddy*
        # instance's port1, not a port taken from the opencloud instance.
        # Confirm this is the intended upstream and not Caddy's own listener.
        #
        # SECURITY: `tls_insecure_skip_verify` turns off certificate
        # verification for the proxy -> upstream hop. The hop is still
        # encrypted, but the upstream is not authenticated, so anything able
        # to answer on that address/port is accepted as the backend.
        # Prefer verifying the upstream: set `tls_server_name` to the name in
        # the upstream certificate and trust its CA (`tls_trust_pool`, or
        # `tls_trusted_ca_certs` on older Caddy releases). If the upstream is
        # on the same host, a loopback or unix-socket upstream without TLS
        # avoids the need for this flag.
        extraConfig = ''
          reverse_proxy ${eris.ip.address0}:${builtins.toString service.ports.port1} {
            transport http {
              tls
              tls_insecure_skip_verify
            }
          }
        '';
      };
    };
  };

  # ACME certificate for the opencloud host, validated through the DNS provider.
  # NOTE(review): the virtual host above does not reference this certificate
  # (no `useACMEHost` in the visible config), so Caddy presumably obtains its
  # own certificate as well; confirm which one is meant to be served.
  security.acme.certs."${opencloudHost}" = {
    dnsProvider = dns;
    # Path to the decrypted sops secret with the DNS API credentials; these
    # credentials can typically modify DNS records, so keep the secret's
    # owner/mode restrictive where it is declared.
    environmentFile = config.sops.secrets.${dnsPath}.path;
    # Certificate files are assigned to the caddy group.
    group = "caddy";
  };

  networking = {
    firewall = {
      # allowedTCPPorts applies to every interface; both caddy instance ports
      # become reachable from any network this machine is attached to.
      allowedTCPPorts = [
        service.ports.port0
        service.ports.port1
      ];
    };
  };
}