chore: Port over Caddy internal stack

2025-05-06 19:37:57 -04:00 · 2025-05-06 19:37:57 -04:00 · 126147fcb4
commit 126147fcb4
parent d1e9635166
7 changed files with 125 additions and 2 deletions
--- a/README.md
+++ b/README.md
@ -2,10 +2,31 @@
 Work-in-progress NixOS Server Infrastructure based on [valerie's NixOS setup](https://git.dessa.dev/valnyx/nixos/src/branch/main).
-## WARNING
+## WIP
 This is a work-in-progress and currently DOES NOT WORK. Please check back later.
 ### Checklist
  - [x] Get basic install working
  - [x] Configure reverse proxy
  - [x] Configure firewall
  - [x] Install Docker
  - [x] Configure NFS mount
  - [x] Configure Traefik & its dashboard
  - [ ] Configure Caddy for internal service port forwarding (difficult!)
  - [ ] Install Portainer for other servers & basic admin tasks
  - [ ] Install Forgejo
  - [ ] Install Personal Website
  - [ ] Install Passbolt
  - [ ] Install Pterodactyl Panel
  - [ ] Install Immich
  - [ ] Restore Forgejo
  - [ ] Restore Passbolt
  - [ ] Restore Pterodactyl Panel
  - [ ] Restore Immich (difficult!)
  - [ ] Get myself a treat :3
 ## Setup
 ### Setting up Sops
--- a/hosts/andromeda/configuration.nix
+++ b/hosts/andromeda/configuration.nix
@ -17,6 +17,7 @@
    # Docker stacks
    ./stacks/traefik/docker-compose.nix
    ./stacks/caddy/docker-compose.nix
  ];
  users.mutableUsers = false;
--- a/hosts/andromeda/stacks/caddy/docker-compose.nix
+++ b/hosts/andromeda/stacks/caddy/docker-compose.nix
@ -0,0 +1,84 @@
 # Auto-generated using compose2nix v0.3.1.
 { pkgs, lib, ... }:
 {
  imports = [
    ../../../../system/sops.nix
  ];
  # Containers
  virtualisation.oci-containers.containers."caddy-web" = {
    environmentFiles = [ config.sops.secrets.caddy_docker_env.path ];
    image = "caddy-custom:2.10.0-builder";
    volumes = [
      "${./volume}:/etc/caddy:ro"
      "caddy_caddy:/data:rw"
    ];
    log-driver = "journald";
    extraOptions = [
      "--health-cmd=curl -sS -k https://127.0.0.1 || exit 1"
      "--health-interval=10s"
      "--health-retries=3"
      "--health-timeout=10s"
      "--network=host"
    ];
  };
  systemd.services."docker-caddy-web" = {
    serviceConfig = {
      Restart = lib.mkOverride 90 "on-failure";
      RestartMaxDelaySec = lib.mkOverride 90 "1m";
      RestartSec = lib.mkOverride 90 "100ms";
      RestartSteps = lib.mkOverride 90 9;
    };
    after = [
      "docker-volume-caddy_caddy.service"
    ];
    requires = [
      "docker-volume-caddy_caddy.service"
    ];
    partOf = [
      "docker-compose-caddy-root.target"
    ];
    wantedBy = [
      "docker-compose-caddy-root.target"
    ];
  };
  # Volumes
  systemd.services."docker-volume-caddy_caddy" = {
    path = [ pkgs.docker ];
    serviceConfig = {
      Type = "oneshot";
      RemainAfterExit = true;
    };
    script = ''
      docker volume inspect caddy_caddy || docker volume create caddy_caddy
    '';
    partOf = [ "docker-compose-caddy-root.target" ];
    wantedBy = [ "docker-compose-caddy-root.target" ];
  };
  # Builds
  systemd.services."docker-build-caddy-web" = {
    path = [ pkgs.docker pkgs.git ];
    serviceConfig = {
      Type = "oneshot";
      TimeoutSec = 300;
    };
    script = ''
      cd /home/tera/Documents/ops/misc-git/nix-infra/hosts/andromeda/stacks/caddy/caddy
      docker build -t caddy-custom:2.10.0-builder -f ${./volume/Dockerfile} .
    '';
  };
  # Root service
  # When started, this will automatically create all resources and start
  # the containers. When stopped, this will teardown all resources.
  systemd.targets."docker-compose-caddy-root" = {
    unitConfig = {
      Description = "Root target generated by compose2nix.";
    };
    wantedBy = [ "multi-user.target" ];
  };
 }
--- a/hosts/andromeda/stacks/caddy/volume/Caddyfile
+++ b/hosts/andromeda/stacks/caddy/volume/Caddyfile
@ -0,0 +1,8 @@
 hofers.cloud, *.hofers.cloud {
    tls {
        dns cloudflare {env.CF_API_TOKEN}
        resolvers 1.1.1.1
    }
    reverse_proxy /* 127.0.0.1:8000
 }
--- a/hosts/andromeda/stacks/caddy/volume/Dockerfile
+++ b/hosts/andromeda/stacks/caddy/volume/Dockerfile
@ -0,0 +1,8 @@
 FROM caddy:2.10.0-builder AS caddy-builder
 RUN xcaddy build \
    --with github.com/caddy-dns/cloudflare
 FROM caddy:2.10.0-alpine
 COPY --from=caddy-builder /usr/bin/caddy /usr/bin/caddy
--- a/2
+++ b/2
@ -1 +1 @@
-Subproject commit 7851d29bba582893f904cf7b9244abd7adaa0068
+Subproject commit 05d59e8bdcd23b9877443bebb1e5894992d786fa
--- a/system/sops.nix
+++ b/system/sops.nix
@ -20,6 +20,7 @@ in
        neededForUsers = true;
      };
      reverse_proxy_client_privkey = {};
      caddy_docker_env = {};
    };
  };
 }
		`@ -1 +1 @@`
			`Subproject commit 7851d29bba582893f904cf7b9244abd7adaa0068`				`Subproject commit 05d59e8bdcd23b9877443bebb1e5894992d786fa`