| author | Franck Cuny <franck@fcuny.net> | 2025-08-12 19:35:22 -0700 |
|---|---|---|
| committer | Franck Cuny <franck@fcuny.net> | 2025-08-12 19:35:22 -0700 |
| commit | ae01076a7dd95c79d97c4b05070b1873fd4b7642 (patch) | |
| tree | 99abe7a1712ce01de92239ebf8af76d7708933e7 /machines/nixos/x86_64-linux/do-rproxy/profiles | |
| parent | add a script to apply DNS terraform (diff) | |
| download | infra-ae01076a7dd95c79d97c4b05070b1873fd4b7642.tar.gz | |
initial setup for forgejo and caddy
Diffstat (limited to 'machines/nixos/x86_64-linux/do-rproxy/profiles')
| -rw-r--r-- | machines/nixos/x86_64-linux/do-rproxy/profiles/caddy.nix | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/machines/nixos/x86_64-linux/do-rproxy/profiles/caddy.nix b/machines/nixos/x86_64-linux/do-rproxy/profiles/caddy.nix
new file mode 100644
index 0000000..7fab370
--- /dev/null
+++ b/machines/nixos/x86_64-linux/do-rproxy/profiles/caddy.nix
@@ -0,0 +1,44 @@
+{ config, ... }:
+{
+ networking.firewall.allowedTCPPorts = [
+ 80
+ 443
+ ];
+
+ security.acme = {
+ acceptTerms = true;
+ defaults.email = "franck@fcuny.net";
+ certs = {
+ "code.fcuny.net" = {
+ domain = "code.fcuny.net";
+ dnsProvider = "cloudflare";
+ dnsResolver = "1.1.1.1";
+ reloadServices = [ "caddy.service" ];
+ credentialFiles.CF_DNS_API_TOKEN_FILE = config.age.secrets."cloudflare-caddy".path;
+ };
+ };
+ };
+
+ services.caddy = {
+ enable = true;
+ email = "franck@fcuny.net";
+ globalConfig = ''
+ metrics {
+ per_host
+ }
+ admin :2019 {
+ origins 127.0.0.1 10.100.0.0/24
+ }
+ '';
+ virtualHosts = {
+ forgejo = {
+ hostName = "code.fcuny.net";
+ useACMEHost = "code.fcuny.net";
+ extraConfig = ''
+ respond /metrics 403
+ reverse_proxy 10.100.0.40:3000
+ '';
+ };
+ };
+ };
+} |
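Review bot: In `globalConfig`, `admin :2019` binds Caddy's unauthenticated admin API to every interface, and the `origins` line under it is not a network ACL: it only constrains the Host/Origin header values Caddy accepts, and as far as I know it does not interpret `10.100.0.0/24` as a CIDR range. Access to an API that can replace the running configuration therefore rests entirely on the firewall, which this file leaves closed for 2019 but which may trust the 10.100.0.0/24 interface elsewhere (not visible in this hunk). Bind the listener to the internal address instead, e.g. `admin <internal-address>:2019 {` with `origins` listing the exact host:port the metrics scraper uses, or keep `admin localhost:2019` and expose only the metrics handler on a separate internal listener. A comment above the block such as `# admin API is unauthenticated; must only be reachable from <internal interface>` would record the intent for whoever next edits the firewall rules.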
