test: setting up opencloud and microvms

2025-12-06 21:17:14 -06:00 · 2025-12-05 02:47:08 -06:00 · 2025-12-05 02:47:08 -06:00 · 9ab5ebd35f
commit 9ab5ebd35f
parent 97aebfbb59
8 changed files with 81 additions and 122 deletions
--- a/modules/nixos/services/caddy/default.nix
+++ b/modules/nixos/services/caddy/default.nix
@ -1,11 +1,42 @@
+{ flake, config, ... }:
 let
-  importList =
-    let
-      content = builtins.readDir ./.;
-      dirContent = builtins.filter (n: content.${n} == "directory") (builtins.attrNames content);
-    in
-    map (name: ./. + "/${name}") dirContent;
+  inherit (flake.config.services) instances;
+  inherit (flake.config.machines.devices) eris;
+  opencloud = instances.opencloud0;
+  dns = instances.web.dns.provider0;
+  opencloudHost = opencloud.domains.url0;
+  dnsPath = "dns/${dns}";
+  service = instances.caddy;
 in
 {
-  imports = importList;
+  services.caddy = {
+    enable = true;
+    virtualHosts = {
+      "${opencloud.domains.url0}" = {
+        extraConfig = ''
+          reverse_proxy ${opencloud.interface.ip}:${toString opencloud.ports.port0} {
+            header_up X-Real-IP {remote_host}
+          }
+
+          redir /.well-known/carddav /remote.php/dav/ 301
+          redir /.well-known/caldav /remote.php/dav/ 301
+
+          tls ${opencloud.ssl.cert} ${opencloud.ssl.key}
+        '';
+      };
+    };
+  };
+  security.acme.certs."${opencloudHost}" = {
+    dnsProvider = dns;
+    environmentFile = config.sops.secrets.${dnsPath}.path;
+    group = "caddy";
+  };
+  networking = {
+    firewall = {
+      allowedTCPPorts = [
+        service.ports.port0 # 80
+        service.ports.port1 # 443
+      ];
+    };
+  };
 }