path: root/www/caddy.nix
{ self, lib, ... }:
let
  # Website sources: ./html imported into the Nix store as a standalone source
  # tree, so only files below ./html end up in the resulting store path.
  html = lib.fileset.toSource {
    fileset = ./html;
    root = ./html;
  };
in
{
  # Public domain of the site. The rest of this file reads it back as
  # self.domain for the Caddy virtual host, the contact address and the web root.
  flake.domain = "heimfeld.hamburg";
  flake.machines.tharos = {
    # NixOS module for the host: Caddy serving the static site for self.domain.
    nixos =
      { lib, ... }:
      let
        # Directory Caddy serves from. It is seeded by the tmpfiles rule below
        # and later overwritten by the publish package defined further down.
        webRoot = "/var/www/${self.domain}";
      in
      {
        # This module opens HTTP and HTTPS. Caddy's automatic HTTPS uses both:
        # 443 for the site, 80 for redirects and the ACME HTTP challenge.
        networking.firewall.allowedTCPPorts = [ 80 443 ];

        services.caddy.enable = true;
        # Contact address Caddy hands to the ACME certificate authority.
        services.caddy.email = "redaktion@${self.domain}";
        services.caddy.virtualHosts.${self.domain} = {
          serverAliases = [ "www.${self.domain}" ];
          # Plain static file serving with gzip compression.
          # NOTE(review): file_server serves everything below the root,
          # dotfiles included, unless a `hide` list is configured, so ./html
          # must contain only files meant to be public.
          # NOTE(review): no `header` directive is set; add response headers
          # such as Strict-Transport-Security here if the site needs them.
          extraConfig = ''
            file_server
            root * ${webRoot}
            encode gzip
          '';
        };

        systemd.tmpfiles.rules = [
          # Create the web-content directory right away, because the web
          # server does not start without it, but only if it does not exist
          # yet ("C" copies the store path only when the target is missing).
          # Mode, user, group and age are left at the tmpfiles defaults.
          "C ${webRoot} - - - - ${html}"
        ];
      };
    # Module for the `vm` variant of this machine. It reads
    # config.virtualisation, so presumably it is only evaluated for a local VM
    # build (TODO confirm against the machine framework).
    vm =
      {
        config,
        pkgs,
        lib,
        ...
      }:
      let
        inherit (config.virtualisation) exposedPorts portOffset;
        # The production virtual host, whose directives are reused verbatim.
        productionSite = config.services.caddy.virtualHosts.${self.domain};
        # Port Caddy listens on for the local site.
        guestHttpPort = toString exposedPorts.http.port;
        # Port printed on the login prompt; presumably the forwarded port on
        # the host (TODO confirm against the virtualisation module).
        hostHttpPort = toString (portOffset + exposedPorts.http.port);
      in
      {
        services.caddy = {
          # Issue certificates from Caddy's internal CA instead of a public
          # ACME CA. These certificates are not publicly trusted, so this
          # setting must stay confined to the VM variant.
          globalConfig = ''
            local_certs
          '';
          # Extra plain-HTTP site on localhost with the same directives as the
          # production virtual host.
          virtualHosts."http://www.localhost:${guestHttpPort}".extraConfig = productionSite.extraConfig;
        };

        # Suppress an irrelevant warning.
        # NOTE(review): presumably Caddy's complaint about a missing certutil
        # when it tries to install its local CA into trust stores; confirm.
        systemd.services.caddy.path = [ pkgs.nssTools ];

        # Show the preview URL on the console login prompt.
        services.getty.helpLine = lib.mkBefore ''
          ${self.domain}: http://www.localhost:${hostHttpPort}
        '';
      };
  };
  perSystem =
    {
      pkgs,
      lib,
      system,
      self',
      ...
    }:
    {
      # Upload the website content to the server.
      #
      # Security notes for whoever maintains the deploy path:
      # - `--rsync-path "sudo rsync"` runs the receiving rsync as root on the
      #   target. rsync as root can write any path, so the sudo rule that
      #   allows it is effectively a root grant for the deploy account.
      #   NOTE(review): the sudoers configuration is not visible in this file;
      #   confirm it is limited to the accounts that really need it.
      # - `--delete` removes every file below the remote web root that is not
      #   part of the built site.
      # - `--chown caddy:caddy` makes the web server account the owner of the
      #   content it serves. NOTE(review): if Caddy never has to write there,
      #   root-owned, world-readable content would be the tighter choice.
      packages.publish =
        let
          source = "${self'.packages.html}/";
          destination = "${self.machines.tharos.deploy-target}:/var/www/${self.domain}/";
        in
        pkgs.writeShellApplication {
          name = "publish";
          runtimeInputs = [ pkgs.rsync ];
          text = ''
            rsync -avi --rsync-path "sudo rsync" --chown caddy:caddy --delete ${source} ${destination}
          '';
        };

      # Local preview
      # The site as a package: a recursive copy of the ./html source tree that
      # is bound as `html` at the top of this file.
      packages.html = pkgs.runCommand "source" { } "cp -r ${html} $out\n";
      # pkgs.devmode with its build arguments overridden: the repository root
      # (located with git rev-parse) and the attribute packages.<system>.html.
      # Presumably devmode rebuilds and serves that package on changes.
      packages.preview =
        let
          git = lib.getExe pkgs.git;
        in
        pkgs.devmode.override {
          buildArgs = ''
            "$(${git} rev-parse --show-toplevel)" -A packages.${system}.html -vv
          '';
        };
    };
}