meow

modules/services/caddy/default.nix

@@ -7,71 +7,16 @@
 with lib;
 let
   cfg = config.xyno.services.caddy;
-  wildcardMatcherStr = wildcard: hostName: content: ''
-    @${hostName} host ${hostName}.${wildcard}
-    handle @${hostName} {
-      ${content.extraConfig}
-    }
-
-  '';
-  genOneWildcard = wildcard: host: {
-    extraConfig = ''
-      # extra pre
-      ${host.extraConfigPre}
-      # block bots
-      ${optionalString host.blockBots "import blockBots"}
-      # hosts handler
-      ${concatStrings (mapAttrsToList (n: v: wildcardMatcherStr wildcard n v) host.hosts)}
-      # extra post
-      ${host.extraConfigPost}
-      abort
-    '';
+  schema = import ./json-schema.nix {
+    inherit pkgs lib;
+    schema = builtins.fromJSON (builtins.readFile ./caddy_schema.json);
   };
-  genVHostsFromWildcard = mapAttrs' (
-    n: v: nameValuePair "*.${n}" (genOneWildcard n v)
-  ) cfg.wildcardHosts;
-  schema = import ./json-schema.nix { inherit pkgs lib; schema = builtins.fromJSON (builtins.readFile ./caddy_schema.json); };
 in
 {
   options.xyno.services.caddy.enable = mkEnableOption "enables caddy with the desec plugin";
   options.xyno.services.caddy.config = mkOption {
-    default = {};
-    type = schema.type;
-  }; 
-  options.xyno.services.caddy.wildcardHosts = mkOption {
-    example = {
-      "hailsatan.eu" = {
-        blockBots = true;
-        hosts.md.extraConfig = ''reverse_proxy ...'';
-      };
-    };
     default = { };
-    type =
-      with types;
-      attrsOf (submodule {
-        options = {
-          blockBots = mkOption {
-            type = bool;
-            default = false;
-          };
-          extraConfigPre = mkOption {
-            type = str;
-            default = "";
-          };
-          extraConfigPost = mkOption {
-            type = str;
-            default = "";
-          };
-          hosts = mkOption {
-            default = {};
-            type = attrsOf (submodule {
-              options = {
-                extraConfig = mkOption { type = lines; };
-              };
-            });
-          };
-        };
-      });
+    type = schema.type;
   };
   config = lib.mkIf cfg.enable {
     networking.firewall.allowedTCPPorts = [
@@ -79,34 +24,32 @@ in
       443
     ];
     networking.firewall.allowedUDPPorts = [ 443 ];
+    xyno.services.caddy.config = {
+      apps = {
+        http.metrics.per_host = true;
+        tls.automation.policies = [
+          {
+            issuers = [
+              {
+                ca = "https://acme-v02.api.letsencrypt.org/directory";
+                challenges.dns.provider = {
+                  name = "desec";
+                  token.path = ""; # TODO
+
+                };
+              }
+            ];
+            module = "acme";
+          }
+        ];
+      };
+    };
+
     services.caddy = {
       enable = true;
       package = pkgs.caddy-desec;
       adapter = "json";
       configFile = json.generate "caddy-config.json" cfg.config;
-      # virtualHosts = genVHostsFromWildcard;
-      # email = mkDefault "ssl@xyno.systems";
-      # acmeCA = mkDefault "https://acme-v02.api.letsencrypt.org/directory";
-      # globalConfig = ''
-      #   metrics {
-      #     per_host
-      #   }
-      # '';
-      # extraConfig = ''
-      #   (blockBots) {
-      #     @botForbidden header_regexp User-Agent "(?i)AdsBot-Google|Amazonbot|anthropic-ai|Applebot|Applebot-Extended|AwarioRssBot|AwarioSmartBot|Bytespider|CCBot|ChatGPT|ChatGPT-User|Claude-Web|ClaudeBot|cohere-ai|DataForSeoBot|Diffbot|FacebookBot|Google-Extended|GPTBot|ImagesiftBot|magpie-crawler|omgili|Omgilibot|peer39_crawler|PerplexityBot|YouBot"
-
-      #     handle @botForbidden   {
-      #       redir https://hil-speed.hetzner.com/10GB.bin
-      #     }
-      #     handle /robots.txt {
-      #       respond <<TXT
-      #       User-Agent: *
-      #       Disallow: /
-      #       TXT 200
-      #     }
-      #   }
-      # '';
     };
     xyno.services.monitoring.exporters.caddy = 2019;