chore: Port over Caddy internal stack

2025-05-06 19:37:57 -04:00 · 2025-05-06 19:37:57 -04:00 · 126147fcb4
commit 126147fcb4
parent d1e9635166
7 changed files with 125 additions and 2 deletions
--- a/hosts/andromeda/configuration.nix
+++ b/hosts/andromeda/configuration.nix
@ -17,6 +17,7 @@

    # Docker stacks
    ./stacks/traefik/docker-compose.nix
+    ./stacks/caddy/docker-compose.nix
  ];

  users.mutableUsers = false;
--- a/hosts/andromeda/stacks/caddy/docker-compose.nix
+++ b/hosts/andromeda/stacks/caddy/docker-compose.nix
@ -0,0 +1,84 @@
+# Auto-generated using compose2nix v0.3.1.
+{ pkgs, lib, ... }:
+
+{
+  imports = [
+    ../../../../system/sops.nix
+  ];
+
+  # Containers
+  virtualisation.oci-containers.containers."caddy-web" = {
+    environmentFiles = [ config.sops.secrets.caddy_docker_env.path ];
+    image = "caddy-custom:2.10.0-builder";
+    volumes = [
+      "${./volume}:/etc/caddy:ro"
+      "caddy_caddy:/data:rw"
+    ];
+    log-driver = "journald";
+    extraOptions = [
+      "--health-cmd=curl -sS -k https://127.0.0.1 || exit 1"
+      "--health-interval=10s"
+      "--health-retries=3"
+      "--health-timeout=10s"
+      "--network=host"
+    ];
+  };
+
+  systemd.services."docker-caddy-web" = {
+    serviceConfig = {
+      Restart = lib.mkOverride 90 "on-failure";
+      RestartMaxDelaySec = lib.mkOverride 90 "1m";
+      RestartSec = lib.mkOverride 90 "100ms";
+      RestartSteps = lib.mkOverride 90 9;
+    };
+    after = [
+      "docker-volume-caddy_caddy.service"
+    ];
+    requires = [
+      "docker-volume-caddy_caddy.service"
+    ];
+    partOf = [
+      "docker-compose-caddy-root.target"
+    ];
+    wantedBy = [
+      "docker-compose-caddy-root.target"
+    ];
+  };
+
+  # Volumes
+  systemd.services."docker-volume-caddy_caddy" = {
+    path = [ pkgs.docker ];
+    serviceConfig = {
+      Type = "oneshot";
+      RemainAfterExit = true;
+    };
+    script = ''
+      docker volume inspect caddy_caddy || docker volume create caddy_caddy
+    '';
+    partOf = [ "docker-compose-caddy-root.target" ];
+    wantedBy = [ "docker-compose-caddy-root.target" ];
+  };
+
+  # Builds
+  systemd.services."docker-build-caddy-web" = {
+    path = [ pkgs.docker pkgs.git ];
+    serviceConfig = {
+      Type = "oneshot";
+      TimeoutSec = 300;
+    };
+    script = ''
+      cd /home/tera/Documents/ops/misc-git/nix-infra/hosts/andromeda/stacks/caddy/caddy
+      docker build -t caddy-custom:2.10.0-builder -f ${./volume/Dockerfile} .
+    '';
+  };
+
+  # Root service
+  # When started, this will automatically create all resources and start
+  # the containers. When stopped, this will teardown all resources.
+  systemd.targets."docker-compose-caddy-root" = {
+    unitConfig = {
+      Description = "Root target generated by compose2nix.";
+    };
+    wantedBy = [ "multi-user.target" ];
+  };
+}
--- a/hosts/andromeda/stacks/caddy/volume/Caddyfile
+++ b/hosts/andromeda/stacks/caddy/volume/Caddyfile
@ -0,0 +1,8 @@
+hofers.cloud, *.hofers.cloud {
+    tls {
+        dns cloudflare {env.CF_API_TOKEN}
+        resolvers 1.1.1.1
+    }
+
+    reverse_proxy /* 127.0.0.1:8000
+}
--- a/hosts/andromeda/stacks/caddy/volume/Dockerfile
+++ b/hosts/andromeda/stacks/caddy/volume/Dockerfile
@ -0,0 +1,8 @@
+FROM caddy:2.10.0-builder AS caddy-builder
+
+RUN xcaddy build \
+    --with github.com/caddy-dns/cloudflare
+
+FROM caddy:2.10.0-alpine
+
+COPY --from=caddy-builder /usr/bin/caddy /usr/bin/caddy