nix/hosts/laptop-server/config/services/caddy/default.nix

{ pkgs, secrets, ... }:
{
    # TODO: Containerize once I setup a proper shared bridge network
    services.caddy = {
        enable = true;
        package = pkgs.caddy.withPlugins {
            plugins = [ "github.com/caddy-dns/porkbun@v0.2.1" ];
            hash = "sha256-oizWuPXI0M9ngBCt/iEXWt+/33wpKlCs1yBPKnzFhRY=";
        };
        # Use a custom config because doing Caddyfile in multiline nix strings
        # feels messy (and not syntax highlighted)
        configFile = ./Caddyfile;
    };

    # Pass secrets through the systemd service's environment variables
    systemd.services.caddy.environment = {
        PORKBUN_API_KEY = secrets.programs.caddy.porkbun_api_key;
        PORKBUN_API_SECRET_KEY = secrets.programs.caddy.porkbun_secret_key;
    };

    # Allow caddy through the firewall
    networking.firewall = {
        allowedTCPPorts = [ 80 443 ]; # HTTP/1-2
        allowedUDPPorts = [ 443 ]; # HTTP/3 w/ QUIC
    };
}
Overhaul services config on laptop server & fully setup jellyfin + caddy 2025-01-03 21:38:24 -07:00			`{ pkgs, secrets, ... }:`
			`{`
			`# TODO: Containerize once I setup a proper shared bridge network`
			`services.caddy = {`
			`enable = true;`
			`package = pkgs.caddy.withPlugins {`
			`plugins = [ "github.com/caddy-dns/porkbun@v0.2.1" ];`
			`hash = "sha256-oizWuPXI0M9ngBCt/iEXWt+/33wpKlCs1yBPKnzFhRY=";`
			`};`
			`# Use a custom config because doing Caddyfile in multiline nix strings`
			`# feels messy (and not syntax highlighted)`
			`configFile = ./Caddyfile;`
			`};`

			`# Pass secrets through the systemd service's environment variables`
			`systemd.services.caddy.environment = {`
			`PORKBUN_API_KEY = secrets.programs.caddy.porkbun_api_key;`
			`PORKBUN_API_SECRET_KEY = secrets.programs.caddy.porkbun_secret_key;`
			`};`

			`# Allow caddy through the firewall`
			`networking.firewall = {`
			`allowedTCPPorts = [ 80 443 ]; # HTTP/1-2`
			`allowedUDPPorts = [ 443 ]; # HTTP/3 w/ QUIC`
			`};`
			`}`