Got it working!

Scaffolding
2025-09-16 19:13:56 -07:00 · 2025-09-16 18:45:24 -07:00
4 changed files with 27 additions and 9 deletions
--- a/hosts/juri/host.nix
+++ b/hosts/juri/host.nix
@ -17,12 +17,14 @@ in {
      forgejoPassword = {
        owner = "forgejo";
      };
+      caddyApi = {};
    };
  };

  caddy = {
    enable = true;
    adminEmail = email;
+    environmentFile = config.sops.secrets.caddyApi.path;
    vhosts = {
      "juri.woach.me" = {
        extraConfig = ''
@ -39,6 +41,12 @@ in {
        extraConfig = ''
          reverse_proxy :${builtins.toString config.headscale.server.port}
        '';
+        serverAliases = [ "*.dns.ginko.woach.me" ];
+      };
+      "juri.${config.services.headscale.settings.dns.base_domain}" = {
+        extraConfig = ''
+          reverse_proxy :${builtins.toString config.fava.port}
+        '';
      };
    };
  };
--- a/hosts/juri/secrets.yaml
+++ b/hosts/juri/secrets.yaml
@ -1,10 +1,7 @@
 pdsEnv: ENC[AES256_GCM,data:W1kKvcntrBOSgo7gLxwO8A9ZkWjkRWfUDZUMy5YNvhzqYS5xBPGL4QEcknWtQaVfaZklnO/+Gr5JEq/qgU2nIEY3xazfjYl4MNkZBhuwI20RwZB9voVubzHbPwjLtZbNTXRMa7BzO6a3ieSudKWAMP0dumG3/+wHtTYOM6lxUBfpw51+lNikc7kLqI+lzys0jC37ajP0/cm/U644BD0ozSSF289CLtXSkLt8sgHvA1ci8M+wEEq4aJ0JTVs98m0E7Udaride4tjLelESx3hPdoVzBIEa,iv:sQiYE//UGGA2qPfbM9//FcKEued6t8ORiKW8kfzLtz0=,tag:Fj+CzBgL8MH/6FLnUadIPQ==,type:str]
 forgejoPassword: ENC[AES256_GCM,data:cQJJbf07v4HngeSYE2TwTcAx8WY=,iv:533TO2MfJVop93U4T7yIIiu6i4swDtduFuu79ZzFYFU=,tag:Pz5u/NqOSTKz2zFNzNLY5w==,type:str]
+caddyApi: ENC[AES256_GCM,data:mWb/pMr1cxbz6K2ZQkV3AF93/GtIPZyYrJfDDbisK3GhMlWOVZNWDzw7cC/e+1w5aSxeGmOAE13eETVpV9q8W2Bjg8IADn/4j8Su90LxAr+U77pVoF0gUvv1CagEXM8myx+GgaAG80xIeSUNUMOMsgUhJTBoaMrVpHDEPREsa9XyRzEB4X3uQnKx4tUNcUqGSUu5wvMfXDF7rNzJhkVEfE6i,iv:h5QLei1PcZUc4djaqbId9VFv8Rr2dTa7CNowxZVlRUA=,tag:nBfyFVU/fBboswcVsGKL4A==,type:str]
 sops:
-    kms: []
-    gcp_kms: []
-    azure_kv: []
-    hc_vault: []
    age:
        - recipient: age1ey3wr2wnkgny3dfgvnyrf0cptwzr7s5x464p2y9ya58lpay8lfrsds3y68
          enc: |
@ -33,8 +30,7 @@ sops:
            N3NhMHp3V1ppclQvWTIxNkM5RjhRV0EKl8goB9tCl0BGi4jN7Fzuh0Ajm146x2Hu
            vesj+ENu2E9II3OeYuBndD+Y4x2zugIpzNOPg1V8zkarJOf7R/sXEw==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-03-24T19:31:53Z"
-    mac: ENC[AES256_GCM,data:5FVSw5wMXRl4qZQmD4yS7g/9qztaveDiU7mgifiOhOBqQrtvv5I/V7rkb5nKew+N3vKmg4vpWBL4kFxsQvWekAPT+ToNED4XhB5H5wZ/RyXga0CU0PMKWtGdEKdyjs4cIZjfScclW0ONgaSkv6XtCLj1V+ukPY3WBI3/2jnf6dA=,iv:7p1qEG1+E7SNLv64/aqjm1ppF4jQ/5h+Z5iHzd8sGDA=,tag:hG59vDcqha1MQf+kN1jguw==,type:str]
-    pgp: []
+    lastmodified: "2025-09-17T01:49:06Z"
+    mac: ENC[AES256_GCM,data:THEyH3KP9VVFiP7NAPn693dolWIWByb3wSjwC9QLSTe3cgdJbFqa5GvVzFa6xM1ue/GYStMwYIZt0+3LP5Wz5B2KWNy2ljvgFXjzlDHxSOzkWi3/yP9fnuRyf0vujW2Q0ltkXMleyKSisZCD87FjuUz1J9LBYQP64e0mhyB5jL4=,iv:WUDt4AusjrQVhDFk/XSohBlmxjp6Dp6EoMe08yQ0RYg=,tag:LC2j1Bvgo7h29O9mmgIFCw==,type:str]
    unencrypted_suffix: _unencrypted
-    version: 3.9.4
+    version: 3.10.2
--- a/nixosModules/services/caddy/service.nix
+++ b/nixosModules/services/caddy/service.nix
@ -5,14 +5,28 @@
    enable = lib.mkEnableOption "Enables caddy webserver";
    vhosts = lib.mkOption {};
    adminEmail = lib.mkOption { type = lib.types.str; };
+    environmentFile = lib.mkOption {};
  };

  config = lib.mkIf config.caddy.enable {
    networking.firewall.allowedTCPPorts = [ 80 443 ];
    services.caddy = {
      enable = true;
+      globalConfig = ''
+        acme_dns porkbun {
+          api_key {$APIKEY}
+          api_secret_key {$APISECRETKEY}
+        }
+      '';
+      package = pkgs.caddy.withPlugins {
+        plugins = [ "github.com/caddy-dns/porkbun@v0.3.1" ];
+        hash = "sha256-g/Nmi4X/qlqqjY/zoG90iyP5Y5fse6Akr8exG5Spf08=";
+      };
      virtualHosts = config.caddy.vhosts;
      email = config.caddy.adminEmail;
    };
+    systemd.services.caddy.serviceConfig.EnvironmentFile = [ 
+      config.caddy.environmentFile 
+    ];
  };
 }
--- a/nixosModules/services/headscale/service.nix
+++ b/nixosModules/services/headscale/service.nix
@ -17,7 +17,7 @@
      settings = {
        server_url = "https://${config.headscale.server.domain}";
        dns = {
-          base_domain = "connect.claris";
+          base_domain = "dns.${config.headscale.server.domain}";
          override_local_dns = false;
        };
      };
Author	SHA1	Message	Date
Julia Lange	675017114b	Got it working!	2025-09-16 19:13:56 -07:00
Julia Lange	fce0a8e691	Scaffolding	2025-09-16 18:45:24 -07:00