nixos-config/config/services/caddy/default.nix

47 lines
1,007 B
Nix
Raw Normal View History

2022-12-30 19:36:54 +00:00
{lib, ...}: {
2022-08-26 15:28:14 +00:00
services.caddy = {
enable = true;
group = "acme";
globalConfig = ''
admin off
storage file_system /var/lib/caddy
auto_https disable_certs
2022-12-30 19:36:54 +00:00
'';
logFormat = lib.mkForce ''
output file /var/log/caddy/access.log {
roll_keep_for 7d
}
format filter {
wrap json
fields {
request>remote_addr ip_mask {
ipv4 0
ipv6 0
}
request>headers>Cf-Connecting-Ip ip_mask {
ipv4 0
ipv6 0
}
request>headers>X-Forwarded-For ip_mask {
ipv4 0
ipv6 0
2022-12-30 13:03:57 +00:00
}
}
2022-08-26 15:28:14 +00:00
'';
extraConfig = ''
(baseConfig) {
encode {
gzip
zstd
# TODO: support for brotli
}
}
'';
};
systemd.tmpfiles.rules = [
"d '/var/lib/caddy' 0750 caddy acme - -"
];
2022-08-26 15:51:40 +00:00
networking.firewall.allowedTCPPorts = [80 443];
networking.firewall.allowedUDPPorts = [443];
2022-08-26 15:28:14 +00:00
}