nixpkgs-suyu/nixos/modules/services/web-servers/caddy.nix
Tuomas Tynkkynen 96190535e5 Revert "nixos: rename system.{stateVersion,defaultChannel} -> system.nixos.\1"
This reverts commit 095fe5b43d.

Pointless renames considered harmful. All they do is force people to
spend extra work updating their configs for no benefit, and hindering
the ability to switch between unstable and stable versions of NixOS.

Like, what was the value of having the "nixos." there? I mean, by
definition anything in a NixOS module has something to do with NixOS...
2018-07-28 00:12:55 +03:00

105 lines
2.9 KiB
Nix

{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.caddy;
configFile = pkgs.writeText "Caddyfile" cfg.config;
in {
options.services.caddy = {
enable = mkEnableOption "Caddy web server";
config = mkOption {
default = "";
example = ''
example.com {
gzip
minify
log syslog
root /srv/http
}
'';
type = types.lines;
description = "Verbatim Caddyfile to use";
};
ca = mkOption {
default = "https://acme-v02.api.letsencrypt.org/directory";
example = "https://acme-staging-v02.api.letsencrypt.org/directory";
type = types.string;
description = "Certificate authority ACME server. The default (Let's Encrypt production server) should be fine for most people.";
};
email = mkOption {
default = "";
type = types.string;
description = "Email address (for Let's Encrypt certificate)";
};
agree = mkOption {
default = false;
type = types.bool;
description = "Agree to Let's Encrypt Subscriber Agreement";
};
dataDir = mkOption {
default = "/var/lib/caddy";
type = types.path;
description = ''
The data directory, for storing certificates. Before 17.09, this
would create a .caddy directory. With 17.09 the contents of the
.caddy directory are in the specified data directory instead.
'';
};
package = mkOption {
default = pkgs.caddy;
defaultText = "pkgs.caddy";
type = types.package;
description = "Caddy package to use.";
};
};
config = mkIf cfg.enable {
systemd.services.caddy = {
description = "Caddy web server";
after = [ "network-online.target" ];
wantedBy = [ "multi-user.target" ];
environment = mkIf (versionAtLeast config.system.stateVersion "17.09")
{ CADDYPATH = cfg.dataDir; };
serviceConfig = {
ExecStart = ''
${cfg.package.bin}/bin/caddy -root=/var/tmp -conf=${configFile} \
-ca=${cfg.ca} -email=${cfg.email} ${optionalString cfg.agree "-agree"}
'';
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
Type = "simple";
User = "caddy";
Group = "caddy";
Restart = "on-failure";
StartLimitInterval = 86400;
StartLimitBurst = 5;
AmbientCapabilities = "cap_net_bind_service";
CapabilityBoundingSet = "cap_net_bind_service";
NoNewPrivileges = true;
LimitNPROC = 64;
LimitNOFILE = 1048576;
PrivateTmp = true;
PrivateDevices = true;
ProtectHome = true;
ProtectSystem = "full";
ReadWriteDirectories = cfg.dataDir;
};
};
users.users.caddy = {
group = "caddy";
uid = config.ids.uids.caddy;
home = cfg.dataDir;
createHome = true;
};
users.groups.caddy.gid = config.ids.uids.caddy;
};
}