Add Caddy ingress with sops secrets

2026-05-22 20:32:58 +09:00 · 2026-05-22 13:45:40 +09:00 · 2026-05-22 13:45:40 +09:00 · e70822e6e4
commit e70822e6e4
parent a06f0fb5f6
6 changed files with 95 additions and 0 deletions
--- a/services/ingress.nix
+++ b/services/ingress.nix
@ -0,0 +1,37 @@
+{
+  config,
+  pkgs,
+  ...
+}: {
+  sops.secrets."cloudflare/caddy_env" = {
+    owner = config.services.caddy.user;
+    group = config.services.caddy.group;
+    mode = "0400";
+    restartUnits = [
+      "caddy.service"
+    ];
+  };
+
+  services.caddy = {
+    enable = true;
+    enableReload = true;
+
+    package = pkgs.caddy.withPlugins {
+      plugins = [
+        "github.com/caddy-dns/cloudflare@v0.2.4"
+      ];
+      hash = "sha256-vNSHU7txQLs0m0UChuszURXjEoMj4r1902+1ei0/DaI=";
+    };
+
+    environmentFile = config.sops.secrets."cloudflare/caddy_env".path;
+
+    globalConfig = ''
+      email smg981024@gmail.com
+      acme_dns cloudflare {env.CLOUDFLARE_API_TOKEN}
+    '';
+
+    virtualHosts."http://yggdrasil.tail6fc192.ts.net:8080".extraConfig = ''
+      respond "yggdrasil caddy ingress ok"
+    '';
+  };
+}