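# NixOS module: Caddy serving the NixOS manual and a downloads directory on a
# single bind address, plus the dnsmasq names and systemd tuning that go with it.
{
  config,
  lib,
  ...
}: let
  manualHostname = "manual.everest.tailscale";
  downloadsHostname = "dl.everest.tailscale";

  # Address every site binds to through the `(tailscale)` snippet. Binding to
  # this one address is what keeps the sites off the host's other interfaces.
  # NOTE(review): presumably this node's tailnet IPv4 address; confirm. If the
  # node is ever assigned a different address, Caddy can no longer bind and
  # this value has to be updated by hand.
  tailscaleAddress = "100.73.96.48";

  # Site body shared by the HTTPS and the plain-HTTP downloads hosts.
  # `file_server browse` enables directory listings, so everything under
  # /srv/dl/ can be enumerated by any client able to reach the bind address.
  # Keep only files that are meant to be shared in that directory.
  downloadsConfig = ''
    import tailscale
    file_server browse
    root * /srv/dl/
  '';
in {
  services.caddy = {
    enable = true;

    # Gives Caddy's local CA a recognisable name in the certificates it issues.
    globalConfig = ''
      pki {
        ca local {
          name "Caddy (Everest) local CA"
        }
      }
    '';

    # Reusable snippet imported by every virtual host below.
    # `tls internal` has Caddy issue certificates from its local CA instead of
    # a public one: clients only get an authenticated connection if they trust
    # that CA's root certificate, and the CA's private key is kept in Caddy's
    # data directory, which should stay readable by the caddy user only.
    extraConfig = ''
      (tailscale) {
        tls internal
        bind ${tailscaleAddress}
      }
    '';

    virtualHosts = {
      # Static copy of the NixOS manual built for this system configuration.
      nixos-manual = {
        hostName = manualHostname;
        extraConfig = ''
          import tailscale
          file_server
          root * ${config.system.build.manual.manualHTML}/share/doc/nixos
        '';
      };

      downloads = {
        hostName = downloadsHostname;
        extraConfig = downloadsConfig;
      };

      # Plain-HTTP variant of the downloads site.
      # NOTE(review): it imports the same snippet, `tls internal` included, on
      # an http:// address; confirm Caddy handles that as intended. Responses
      # from this host carry no TLS server authentication, so anything
      # executable fetched through it should be verified by checksum or
      # signature.
      downloads-http = {
        hostName = "http://${downloadsHostname}";
        extraConfig = downloadsConfig;
      };
    };
  };

  # Publish both site names as CNAMEs for `everest` in dnsmasq.
  services.dnsmasq.settings.cname = [
    "${manualHostname},everest"
    "${downloadsHostname},everest"
  ];

  systemd = {
    # Makes caddy.service require tailscaled.
    # NOTE(review): a requirement alone adds no start ordering, and the
    # attribute name carries no ".service" suffix; confirm which unit this
    # applies to and whether caddy should also be ordered after tailscaled.
    units.tailscaled.requiredBy = ["caddy.service"];

    # We have somewhat frequent power outages, and our ISP router takes
    # ages to boot up. If I don't add a delay, Caddy tries to bind to
    # the tailscale interface before it's ready, making it crash too much
    # in too little time
    services.caddy.serviceConfig.RestartSec = lib.mkForce "120s";
  };

  # Adds a "Caddy" entry for the caddy unit to rust-motd's service status list.
  programs.rust-motd.settings.service_status.Caddy = "caddy";
}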