meow

2025-10-16 12:18:36 +02:00 · 2025-10-16 12:18:36 +02:00 · 33ee2f5760
commit 33ee2f5760
parent 350885960e
9 changed files with 10909 additions and 45 deletions
--- a/modules/services/caddy/caddy-config.nix
+++ b/modules/services/caddy/caddy-config.nix
@ -0,0 +1,5 @@
+{ json, lib, ...}: with lib;
+types.submodule {
+  freeformType = json.type;
+  
+}
--- a/modules/services/caddy/caddy_schema.json
+++ b/modules/services/caddy/caddy_schema.json
--- a/modules/services/caddy/default.nix
+++ b/modules/services/caddy/default.nix
@ -0,0 +1,114 @@
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}:
+with lib;
+let
+  cfg = config.xyno.services.caddy;
+  wildcardMatcherStr = wildcard: hostName: content: ''
+    @${hostName} host ${hostName}.${wildcard}
+    handle @${hostName} {
+      ${content.extraConfig}
+    }
+
+  '';
+  genOneWildcard = wildcard: host: {
+    extraConfig = ''
+      # extra pre
+      ${host.extraConfigPre}
+      # block bots
+      ${optionalString host.blockBots "import blockBots"}
+      # hosts handler
+      ${concatStrings (mapAttrsToList (n: v: wildcardMatcherStr wildcard n v) host.hosts)}
+      # extra post
+      ${host.extraConfigPost}
+      abort
+    '';
+  };
+  genVHostsFromWildcard = mapAttrs' (
+    n: v: nameValuePair "*.${n}" (genOneWildcard n v)
+  ) cfg.wildcardHosts;
+  schema = import ./json-schema.nix { inherit pkgs lib; schema = builtins.fromJSON (builtins.readFile ./caddy_schema.json); };
+in
+{
+  options.xyno.services.caddy.enable = mkEnableOption "enables caddy with the desec plugin";
+  options.xyno.services.caddy.config = mkOption {
+    default = {};
+    type = schema.type;
+  }; 
+  options.xyno.services.caddy.wildcardHosts = mkOption {
+    example = {
+      "hailsatan.eu" = {
+        blockBots = true;
+        hosts.md.extraConfig = ''reverse_proxy ...'';
+      };
+    };
+    default = { };
+    type =
+      with types;
+      attrsOf (submodule {
+        options = {
+          blockBots = mkOption {
+            type = bool;
+            default = false;
+          };
+          extraConfigPre = mkOption {
+            type = str;
+            default = "";
+          };
+          extraConfigPost = mkOption {
+            type = str;
+            default = "";
+          };
+          hosts = mkOption {
+            default = {};
+            type = attrsOf (submodule {
+              options = {
+                extraConfig = mkOption { type = lines; };
+              };
+            });
+          };
+        };
+      });
+  };
+  config = lib.mkIf cfg.enable {
+    networking.firewall.allowedTCPPorts = [
+      80
+      443
+    ];
+    networking.firewall.allowedUDPPorts = [ 443 ];
+    services.caddy = {
+      enable = true;
+      package = pkgs.caddy-desec;
+      adapter = "json";
+      configFile = json.generate "caddy-config.json" cfg.config;
+      # virtualHosts = genVHostsFromWildcard;
+      # email = mkDefault "ssl@xyno.systems";
+      # acmeCA = mkDefault "https://acme-v02.api.letsencrypt.org/directory";
+      # globalConfig = ''
+      #   metrics {
+      #     per_host
+      #   }
+      # '';
+      # extraConfig = ''
+      #   (blockBots) {
+      #     @botForbidden header_regexp User-Agent "(?i)AdsBot-Google|Amazonbot|anthropic-ai|Applebot|Applebot-Extended|AwarioRssBot|AwarioSmartBot|Bytespider|CCBot|ChatGPT|ChatGPT-User|Claude-Web|ClaudeBot|cohere-ai|DataForSeoBot|Diffbot|FacebookBot|Google-Extended|GPTBot|ImagesiftBot|magpie-crawler|omgili|Omgilibot|peer39_crawler|PerplexityBot|YouBot"
+
+      #     handle @botForbidden   {
+      #       redir https://hil-speed.hetzner.com/10GB.bin
+      #     }
+      #     handle /robots.txt {
+      #       respond <<TXT
+      #       User-Agent: *
+      #       Disallow: /
+      #       TXT 200
+      #     }
+      #   }
+      # '';
+    };
+    xyno.services.monitoring.exporters.caddy = 2019;
+
+  };
+}
--- a/modules/services/caddy/json-schema.nix
+++ b/modules/services/caddy/json-schema.nix
@ -0,0 +1,144 @@
+{
+  pkgs,
+  lib,
+  schema,
+  ...
+}:
+with lib;
+let
+  json = pkgs.formats.json { };
+  submoduleOptions =
+    {
+      spec,
+      depth,
+      extraRequires ? [ ],
+      ...
+    }:
+    let
+      isRequired = n: any (x: x == n) (extraRequires ++ (optionals (spec ? required) spec.required));
+    in
+    if spec ? "$ref" then
+      submoduleOptions (getRef x."$ref")
+    else
+      mapAttrs (
+        n: v:
+        buildOption {
+          inherit depth;
+          spec = v;
+          required = isRequired n;
+        }
+      ) (if spec ? properties then spec.properties else { });
+  getRef =
+    x:
+    let
+      path = splitString "/" (traceVal x);
+      result = attrByPath (tail path) (throw "ref ${x} not found") schema;
+    in
+    result;
+  deref = x: if x ? "$ref" then getRef x."$ref" else x;
+  buildOptionType =
+    {
+      spec,
+      depth ? 0,
+      ...
+    }:
+    let
+      strType = if spec ? enum then types.enum spec.enum else types.str;
+      objType = types.submodule {
+        freeformType = json.type;
+        options = submoduleOptions { inherit spec depth; };
+      };
+      arrType = types.listOf (
+        if spec ? items then
+          buildOptionType {
+            inherit depth;
+            spec = spec.items;
+          }
+        else
+          types.anything
+      );
+      allOfType =
+        let
+          resolve = x: if x ? "if" then x."then" else x; # just ignore conditionals for now
+          resolved = map (x: deref (resolve x)) spec.allOf;
+          # mergedDesc = concatStringsSep "\n" (
+          #   map (x: if x ? markdownDescription then x.markdownDescription else "") resolved
+          # );
+          combined = foldl (x: c: recursiveUpdate c x) { } resolved;
+          # options = map (
+          #   x:
+          #   submoduleOptions {
+          #     spec = x;
+          #     extraRequires = if spec ? required then spec.required else [ ];
+          #   }
+          # ) (traceValSeqN 4 resolved);
+        in
+        buildOptionType {
+          depth = depth + 1;
+          spec = combined;
+        };
+      type =
+        if depth > 3 then
+          types.deferredModule
+        else if spec ? "$ref" then
+          buildOptionType {
+            depth = depth + 1;
+            spec = getRef spec."$ref";
+          }
+        else if spec ? allOf then
+          allOfType
+        else if !spec ? type then
+          json.type
+
+        else if isList spec.type then
+          types.oneOf (map (x: buildOptionType x) spec.type)
+        else if spec.type == "string" then
+          strType
+        else if spec.type == "boolean" then
+          types.bool
+        else if spec.type == "number" then
+          types.number
+        else if spec.type == "array" then
+          arrType
+        else if spec.type == "object" then
+          objType
+        else
+          (throw "unknown json schema type: ${spec.type}");
+
+    in
+    type;
+
+  buildOption =
+    {
+      spec,
+      depth,
+      required ? false,
+      ...
+    }:
+    let
+      type = buildOptionType { inherit spec depth; };
+    in
+    mkOption {
+      type = if required then type else types.nullOr type;
+      description = if spec ? markdownDescription then spec.markdownDescription else "no description qwq";
+      default =
+        if required then
+          if spec.type == "object" then
+            { }
+          else if spec.type == "array" then
+            [ ]
+          else
+            null
+        else
+          null;
+
+    };
+
+in
+{
+  generate = json.generate;
+  type = buildOptionType {
+    depth = 0;
+    spec = schema;
+  };
+}