hosts/oparic-dev: caddy

2026-05-17 13:53:00 +08:00
parent aee7fca84a
commit 5a8ee4faa4
2 changed files with 46 additions and 0 deletions
@@ -96,5 +96,26 @@
  sops.defaultSopsFile = ../../secrets/hosts/oparic-local-dev.yaml;
  sops.age.keyFile = "/var/lib/sops/age/keys.txt";

+  sops.secrets.caddy_cloudflare_api_key = {
+    owner = "caddy";
+  };
+  # Caddy 反向代理 + Cloudflare DNS challenge 通配符证书
+  services.caddy = {
+    enable = true;
+    package = pkgs.caddy.withPlugins {
+      plugins = [ "github.com/caddy-dns/cloudflare@v0.2.4" ];
+      hash = "sha256-VHm9POg2KixGsMsAcfFFDMK9x6niRJ1iJV9kkSwkSjc=";
+    };
+    virtualHosts."*.testing.oparic.luo.ee" = {
+      extraConfig = ''
+        tls {
+          dns cloudflare {file.${config.sops.secrets.caddy_cloudflare_api_key.path}}
+        }
+        reverse_proxy localhost:40000
+      '';
+    };
+  };
+  networking.firewall.allowedTCPPorts = [ 80 443 ];
+
  system.stateVersion = "23.11";
 }