Refactor Caddy config into networking.caddy module

Move Caddy configuration from individual services to a shared networking.caddy module. Update service modules and system config to use the new interface. Remove redundant user definitions and old Caddy config blocks.
2026-03-04 09:29:36 +01:00 · 2026-03-04 09:29:36 +01:00 · 4e9ef9dc4f
commit 4e9ef9dc4f
parent d3a394dfd9
10 changed files with 308 additions and 286 deletions
--- a/modules/nixos/services/authentication/zitadel/default.nix
+++ b/modules/nixos/services/authentication/zitadel/default.nix
@ -537,7 +537,25 @@ in
    };
  in
  mkIf cfg.enable {
-    ${namespace}.services.persistance.postgresql.enable = true;
+    ${namespace}.services = {
+      persistance.postgresql.enable = true;
+
+      networking.caddy = {
+        hosts = {
+          "auth.kruining.eu" = ''
+            reverse_proxy h2c://::1:9092
+          '';
+        };
+        extraConfig = ''
+          (auth) {
+            forward_auth h2c://::1:9092 {
+              uri /api/authz/forward-auth
+              copy_headers Remote-User Remote-Groups Remote-Email Remote-Name
+            }
+          }
+        '';
+      };
+    };

    environment.systemPackages = with pkgs; [
      zitadel
@ -678,23 +696,6 @@ in
          }
        ];
      };
-
-      caddy = {
-        enable = true;
-        virtualHosts = {
-          "auth.kruining.eu".extraConfig = ''
-            reverse_proxy h2c://::1:9092
-          '';
-        };
-        extraConfig = ''
-          (auth) {
-            forward_auth h2c://::1:9092 {
-              uri /api/authz/forward-auth
-              copy_headers Remote-User Remote-Groups Remote-Email Remote-Name
-            }
-          }
-        '';
-      };
    };

    networking.firewall.allowedTCPPorts = [ 80 443 ];