Origami404/flake
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

hosts/oparic-dev: caddy

Browse Source
This commit is contained in:
Origami404
2026-05-17 13:53:00 +08:00
parent aee7fca84a
commit 5a8ee4faa4
2 changed files with 46 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
hosts/oparic-local-dev/configuration.nix
+21
View File
@@ -96,5 +96,26 @@
sops.defaultSopsFile = ../../secrets/hosts/oparic-local-dev.yaml;
sops.age.keyFile = "/var/lib/sops/age/keys.txt";
sops.secrets.caddy_cloudflare_api_key = {
owner = "caddy";
};
# Caddy 反向代理 + Cloudflare DNS challenge 通配符证书
services.caddy = {
enable = true;
package = pkgs.caddy.withPlugins {
plugins = [ "github.com/caddy-dns/cloudflare@v0.2.4" ];
hash = "sha256-VHm9POg2KixGsMsAcfFFDMK9x6niRJ1iJV9kkSwkSjc=";
};
virtualHosts."*.testing.oparic.luo.ee" = {
extraConfig = ''
tls {
dns cloudflare {file.${config.sops.secrets.caddy_cloudflare_api_key.path}}
}
reverse_proxy localhost:40000
'';
};
};
networking.firewall.allowedTCPPorts = [ 80 443 ];
system.stateVersion = "23.11";
}
secrets/hosts/oparic-local-dev.yaml
+25
View File
@@ -0,0 +1,25 @@
caddy_cloudflare_api_key: ENC[AES256_GCM,data:AXil/BHboMREDOXfgV/F0BIWYE9+Rq/kdpQhtOkh+yTOLsF9mmP89HQV7VFiOWjXGMvvAlU=,iv:CmqMVBLv55lwt371FJ/1qXY2On1Ilhdm3mzM6cKCw/o=,tag:36poStmxIS9cXk5a7tsNSw==,type:str]
sops:
age:
- enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzSjk0cDFsY1JFRFR5WE1Q
ZXlJRTJCNjIyT29XYXkranJqbjAySVA0aEE0CmVEWGo5bVhvd1c5MEVDTjZ2NWpp
VEtTd2Z4bGZLd3R4YnhVKzZLS3pnckkKLS0tIEorcW5aejFtMnlEZjhTNmhZWXdt
RFM1MEFjT29BOUptT0lNazdQK1BNeUEK29JlPkRvbz7HRyB0s+0JHv7fd3i9uMKF
SBEoPrIXWuoNUKmCuZlqJVNIWPEV2v3/tpFWbL9sXN/6qoGpt30csw==
-----END AGE ENCRYPTED FILE-----
recipient: age1nlta6ek2fsre42g38ytwg3fxtra4h444psd7g986md0gzmvv6d5qqlwwjy
- enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsVmhxemI1S05zTW9sMzFB
WHVsaEpuNFU5cFZuWWI0Vnd2NFFQb1pvWWwwCmtHU2Y2ZFY2TTVIL1oxckVHbWxt
aVFTVW4wa3JWa2hNcjVmYm51VGZYNlkKLS0tIG44OGJWL0tab2diWkt4M1hEUmFS
ZXlBbjUramhvMXYxQlVSMEh4OEh5eDgKTJMgvoo2Wgn/FsoXsA0mCweUhmqhAGp/
nIvGJsDz88QS+nVGybLkekl6LM+UR+sRy7fttDzX49Oxre7ovkSVyw==
-----END AGE ENCRYPTED FILE-----
recipient: age1mgxmpfpy6qg374kyq66cc5yw68qfw0mlk89rcdy3lkzw9q93jvwqg73395
lastmodified: "2026-05-17T04:26:09Z"
mac: ENC[AES256_GCM,data:XVocfoUXqh7ntKfM64sveo36xHgIX/4zM1dN1ML7Iu4qEsOB1YvHfS80z8KtJxY6ZTWl/XjqeT8YzQ2TSgpPAnND6DQ5dUiXz3G5jqZ8Foa6SQGdfqD5Yk6yBW+GRPHQUIhxBbJLeNtacRQRAC3vBuMdTqX7W/C9leLEt73B1WQ=,iv:XhwXnIXLqBfGRk9lymCGGby+SzYY0dDByPZL8AWk+xg=,tag:ryfQteA2Ul2rP8Y1NgdaOQ==,type:str]
unencrypted_suffix: _unencrypted
version: 3.13.0