path: root/www/caddy.nix
{ self, lib, ... }:
let
  # Store copy of the ./html directory: `root` is the directory the store path
  # is rooted at, `fileset` selects what is included (here the whole tree).
  html = lib.fileset.toSource {
    root = ./html;
    fileset = ./html;
  };
in
{
  # Site domain; read below as `self.domain` for the Caddy virtual host, the
  # contact e-mail address and the document-root path.
  flake.domain = "heimfeld.hamburg";
  # Machine definition for "tharos": `nixos` is the web server module, `vm`
  # holds extra settings for a local test VM.
  # NOTE(review): how the two are combined is decided outside this file —
  # presumably `vm` is layered on top of `nixos`; confirm.
  flake.machines.tharos = {
    nixos =
      { lib, ... }:
      {
        # Expose HTTP and HTTPS; these are the only ports this module opens.
        networking.firewall.allowedTCPPorts = [
          80
          443
        ];

        services.caddy = {
          enable = true;
          # Contact address handed to Caddy (used for the ACME account).
          email = "redaktion@${self.domain}";
          virtualHosts.${self.domain} = {
            serverAliases = [ "www.${self.domain}" ];
            # Caddyfile fragment for the site. The `${ "" # ... }` pieces
            # interpolate an empty string, so the Nix comment inside them never
            # reaches the generated Caddyfile.
            # Static files are served from /var/www/<domain> with index.shtml as
            # the directory index and gzip encoding. The @shtml matcher selects
            # paths ending in ".shtml" or "/" and forces their Content-Type to
            # HTML (presumably because .shtml has no MIME type Caddy knows).
            # NOTE(review): Content-Type is the only response header set here;
            # if no other module adds them, consider
            # `X-Content-Type-Options: nosniff` and HSTS for this host.
            extraConfig = ''
              file_server {
                index index.shtml${
                  "" # TODO: remove once the content has been cleaned up
                }
              }
              root * /var/www/${self.domain}
              encode gzip

              ${
                "" # TODO: remove once the content has been cleaned up
              }@shtml {
                  path *.shtml
                  path */
              }
              header @shtml Content-Type "text/html; charset=utf-8"
            '';
          };
        };

        systemd.tmpfiles.rules = [
          # Create the web content directory right away, because the web server
          # does not start otherwise, but only if it does not exist yet.
          # `C` seeds it with a copy of ${html}; mode, user and group are left
          # at `-` (tmpfiles defaults). Later content updates come from the
          # `publish` package, not from this rule.
          "C /var/www/${self.domain} - - - - ${html}"
        ];
      };
    vm =
      {
        config,
        pkgs,
        lib,
        ...
      }:
      let
        # Plain-HTTP port Caddy listens on inside the VM.
        httpPort = 800;
      in
      {
        # Issue certificates from Caddy's internal CA instead of a public ACME
        # CA, so the VM does not request real certificates for the domain.
        services.caddy.globalConfig = ''
          local_certs
        '';
        # Serve the same site configuration as the production virtual host,
        # but over plain HTTP on localhost.
        services.caddy.virtualHosts = {
          "http://localhost:${toString httpPort}".extraConfig =
            config.services.caddy.virtualHosts.${self.domain}.extraConfig;
        };
        networking.firewall.allowedTCPPorts = [
          httpPort
        ];

        systemd.services.caddy.path = [ pkgs.nssTools ]; # Suppress an irrelevant warning

        # Append the preview URL to the login prompt help text.
        # NOTE(review): `virtualisation.portOffset` is not defined in this
        # file — presumably the host-side port forwarding offset; confirm.
        services.getty.helpLine = lib.mkAfter ''
          ${
            "" # Blank line for readability
          }
          ${self.domain}: http://localhost:${toString (config.virtualisation.portOffset + httpPort)}
        '';
      };
  };
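  perSystem =
    {
      pkgs,
      system,
      self',
      ...
    }:
    {
      # Upload the website content to the server.
      #
      # --checksum: files in the Nix store all carry the same fixed mtime, so
      #   rsync's default size+mtime comparison would skip an edited file whose
      #   size did not change; comparing checksums makes every edit deploy.
      # --delete: remote files that are not part of the build are removed.
      # --rsync-path "sudo rsync": the remote side runs as root, so the deploy
      #   account needs non-interactive sudo for rsync. That is effectively
      #   root-level file write for whoever holds the deploy SSH key.
      #   NOTE(review): a dedicated deploy user that owns the document root
      #   would avoid sudo here.
      # --chown caddy:caddy: makes the web server account the owner of its own
      #   document root, although it only needs read access.
      #   NOTE(review): consider a different owner (e.g. root) so the caddy
      #   service cannot modify the published content.
      # NOTE(review): `deploy-target` is defined outside this file; it is
      # assumed to be an SSH destination of the form [user@]host.
      packages.publish = pkgs.writeShellApplication {
        name = "publish";
        runtimeInputs = with pkgs; [ rsync ];
        text = ''
          rsync -avi --checksum --rsync-path "sudo rsync" --chown caddy:caddy --delete \
            ${self'.packages.html}/ \
            ${self.machines.tharos.deploy-target}:/var/www/${self.domain}/
        '';
      };

      # Website content as a package: a plain copy of the `html` fileset
      # source. Uploaded by `publish` and built by `preview`.
      packages.html = pkgs.runCommand "source" { } ''
        cp -r ${html} $out
      '';
      # Local preview: devmode with its build arguments pointed at the html
      # package of the current system.
      packages.preview = pkgs.devmode.override {
        buildArgs = ''
          -A packages.${system}.html -vv
        '';
      };
    };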
}