36 lines
781 B
Nix
36 lines
781 B
Nix
{ config, ... }:
|
|
let
|
|
cfg = config.services.caddy;
|
|
caddyDir = directory: {
|
|
inherit directory;
|
|
inherit (cfg) user group;
|
|
mode = "0700";
|
|
};
|
|
in
|
|
{
|
|
environment.persistence."/persistent".directories = [
|
|
(caddyDir cfg.logDir)
|
|
(caddyDir cfg.dataDir)
|
|
];
|
|
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
|
networking.firewall.allowedUDPPorts = [ 443 ];
|
|
services.caddy = {
|
|
enable = true;
|
|
email = "acme-certs@shelvacu.com";
|
|
globalConfig = ''
|
|
admin off
|
|
'';
|
|
virtualHosts."sv.mt".extraConfig = ''
|
|
redir / "https://www.youtube.com/watch?v=dQw4w9WgXcQ" temporary
|
|
'';
|
|
};
|
|
systemd.services.caddy.serviceConfig = {
|
|
SocketBindAllow = [
|
|
"tcp:80"
|
|
"tcp:443"
|
|
"udp:443"
|
|
];
|
|
SocketBindDeny = "any";
|
|
};
|
|
}
|