chris/sneeuwvlok
chris/sneeuwvlok
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Refactor Caddy config into networking.caddy module

Browse source 
Move Caddy configuration from individual services to a shared
networking.caddy module. Update service modules and system config to use
the new interface. Remove redundant user definitions and old Caddy
config blocks.
This commit is contained in:
Chris Kruining 2026-03-04 09:29:36 +01:00
parent d3a394dfd9
commit 4e9ef9dc4f
No known key found for this signature in database
GPG key ID: EB894A3560CCCAD2
10 changed files with 308 additions and 286 deletions
Download patch file Download diff file Expand all files Collapse all files

35
modules/nixos/services/security/vaultwarden/default.nix
View file

@ -91,6 +91,22 @@ in {
};
config = mkIf cfg.enable {
${namespace}.services.networking.caddy.hosts = {
"vault.kruining.eu" = ''
encode zstd gzip
handle_path /admin {
respond 401 {
close
}
}
reverse_proxy http://localhost:${toString config.services.vaultwarden.config.ROCKET_PORT} {
header_up X-Real-IP {remote_host}
}
'';
};
systemd.tmpfiles.rules = [
"d '/var/lib/vaultwarden' 0700 vaultwarden vaultwarden - -"
];
@ -150,25 +166,6 @@ in {
}
];
};
caddy = {
enable = true;
virtualHosts = {
"vault.kruining.eu".extraConfig = ''
encode zstd gzip
handle_path /admin {
respond 401 {
close
}
}
reverse_proxy http://localhost:${toString config.services.vaultwarden.config.ROCKET_PORT} {
header_up X-Real-IP {remote_host}
}
'';
};
};
};
sops = {