From bb6408ba1684f4971cfd38f13d6a6914900b5f97 Mon Sep 17 00:00:00 2001 From: Angus Gibson Date: Tue, 5 Apr 2016 01:30:21 +0000 Subject: [PATCH] caddy service: initial implementation --- nixos/modules/misc/ids.nix | 2 + nixos/modules/module-list.nix | 1 + nixos/modules/services/web-servers/caddy.nix | 53 ++++++++++++++++++++ 3 files changed, 56 insertions(+) create mode 100644 nixos/modules/services/web-servers/caddy.nix diff --git a/nixos/modules/misc/ids.nix b/nixos/modules/misc/ids.nix index 1e14fe655fc0..8fe7f74a1096 100644 --- a/nixos/modules/misc/ids.nix +++ b/nixos/modules/misc/ids.nix @@ -259,6 +259,7 @@ hydra-www = 236; syncthing = 237; mfi = 238; + caddy = 239; # When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399! @@ -489,6 +490,7 @@ radicale = 234; syncthing = 237; #mfi = 238; # unused + caddy = 239; # When adding a gid, make sure it doesn't match an existing # uid. Users and groups with the same name should have equal diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index fd479763c0a0..d09f78b68b60 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -433,6 +433,7 @@ ./services/ttys/kmscon.nix ./services/web-apps/pump.io.nix ./services/web-servers/apache-httpd/default.nix + ./services/web-servers/caddy.nix ./services/web-servers/fcgiwrap.nix ./services/web-servers/jboss/default.nix ./services/web-servers/lighttpd/cgit.nix diff --git a/nixos/modules/services/web-servers/caddy.nix b/nixos/modules/services/web-servers/caddy.nix new file mode 100644 index 000000000000..0d2612aaa66b --- /dev/null +++ b/nixos/modules/services/web-servers/caddy.nix 
@@ -0,0 +1,53 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+ cfg = config.services.caddy;
+ configFile = pkgs.writeText "Caddyfile" cfg.config;
+in
+{
+ options.services.caddy = {
+ enable = mkEnableOption "Caddy web server";
+
+ config = mkOption {
+ description = "Verbatim Caddyfile to use";
+ };
+
+ email = mkOption {
+ default = "";
+ type = types.string;
+ description = "Email address (for Let's Encrypt certificate)";
+ };
+
+ dataDir = mkOption {
+ default = "/var/lib/caddy";
+ type = types.path;
+ description = "The data directory, for storing certificates.";
+ };
+ };
+
+ config = mkIf cfg.enable {
+ systemd.services.caddy = {
+ description = "Caddy web server";
+ after = [ "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig = {
+ ExecStart = "${pkgs.caddy}/bin/caddy -conf=${configFile} -email=${cfg.email}";
+ Type = "simple";
+ User = "caddy";
+ Group = "caddy";
+ AmbientCapabilities = "cap_net_bind_service";
+ };
+ };
+
+ users.extraUsers.caddy = {
+ group = "caddy";
+ uid = config.ids.uids.caddy;
+ home = cfg.dataDir;
+ createHome = true;
+ };
+
+ users.extraGroups.caddy.gid = config.ids.uids.caddy;
+ };
+}
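Review bot: The last assignment in the `config` block takes the group id from the uid table (`users.extraGroups.caddy.gid = config.ids.uids.caddy;`). It only works because this patch allocates 239 in both tables, so it should read `users.extraGroups.caddy.gid = config.ids.gids.caddy;` to stop the group silently following a later uid change. In `serviceConfig`, `AmbientCapabilities` grants the low-port bind but nothing else confines the unit; for a network-facing daemon that keeps its certificate material under `dataDir`, consider adding `CapabilityBoundingSet = "cap_net_bind_service";` and `NoNewPrivileges = true;`. `cfg.email` is interpolated into `ExecStart` unquoted and defaults to `""`, so the unit always passes a bare `-email=` and a value containing whitespace would be split into extra arguments. Emitting the flag only when the option is set (for example via `optionalString`) and quoting the value would avoid both.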