add caddy module

nixos/configurations/Tytonidae/default.nix

@@ -38,6 +38,10 @@
       };
       open-webui.enable = true;
       transmission.enable = true;
+      caddy = {
+        enable = true;
+        baseDomain = "home.arp";
+      };
     };
     gui.enabled = "cosmic";
   };

nixos/modules/caddy.nix

@@ -0,0 +1,20 @@
+{ lib, config, ... }:
+let
+  cfg = config.youthlic.programs.caddy;
+in
+{
+  options = {
+    youthlic.programs.caddy = {
+      enable = lib.mkEnableOption "caddy";
+      baseDomain = lib.mkOption {
+        type = lib.types.str;
+        example = "youthlic.fun";
+      };
+    };
+  };
+  config = lib.mkIf cfg.enable {
+    services.caddy = {
+      enable = true;
+    };
+  };
+}

nixos/modules/default.nix

@@ -29,6 +29,7 @@
       ./kvm.nix
       ./open-webui.nix
       ./transmission.nix
+      ./caddy.nix
     ];
 
   config = {

nixos/modules/open-webui.nix

@@ -8,14 +8,30 @@ in
       enable = lib.mkEnableOption "open-webui";
     };
   };
-  config = lib.mkIf cfg.enable {
+  config = lib.mkMerge [
-    services.open-webui = {
+    (lib.mkIf cfg.enable {
-      enable = true;
+      services.open-webui = {
-      port = 8083;
+        enable = true;
-      environmentFile = "${config.sops.secrets."open-webui_env".path}";
+        port = 8083;
-    };
+        environmentFile = "${config.sops.secrets."open-webui_env".path}";
-    sops.secrets."open-webui_env" = {
+      };
-      format = "yaml";
+      sops.secrets."open-webui_env" = {
-    };
+        format = "yaml";
-  };
+      };
+    })
+    (
+      let
+        caddy-cfg = config.youthlic.programs.caddy;
+      in
+      lib.mkIf caddy-cfg.enable {
+        services.caddy.virtualHosts = {
+          "open-webui.${caddy-cfg.baseDomain}" = {
+            extraConfig = ''
+              reverse_proxy 127.0.0.1:8083
+            '';
+          };
+        };
+      }
+    )
+  ];
 }

nixos/modules/transmission.nix

@@ -15,24 +15,47 @@ in
       enable = lib.mkEnableOption "transmission";
     };
   };
-  config = lib.mkIf cfg.enable {
+  config = lib.mkMerge [
-    users.groups."${config.services.transmission.group}".members = [
+    (lib.mkIf cfg.enable {
-      config.youthlic.home-manager.unixName
+      users.groups."${config.services.transmission.group}".members = [
-    ];
+        config.youthlic.home-manager.unixName
-    sops.secrets."transmission-config" = {
+      ];
-      sopsFile = rootPath + "/secrets/transmission.yaml";
+      sops.secrets."transmission-config" = {
-    };
+        sopsFile = rootPath + "/secrets/transmission.yaml";
-    services.transmission = {
-      enable = true;
-      package = pkgs.transmission_4;
-      settings = {
-        utp-enabled = true;
-        watch-dir-enabled = true;
-        default-trackers = builtins.readFile "${inputs.bt-tracker}/all.txt";
       };
-      openRPCPort = true;
+      services.transmission = {
-      openPeerPorts = true;
+        enable = true;
-      credentialsFile = "${config.sops.secrets.transmission-config.path}";
+        package = pkgs.transmission_4;
-    };
+        settings = {
-  };
+          utp-enabled = true;
+          watch-dir-enabled = true;
+          default-trackers = builtins.readFile "${inputs.bt-tracker}/all.txt";
+          rpc-bind-address = "0.0.0.0";
+        };
+        openRPCPort = true;
+        openPeerPorts = true;
+        credentialsFile = "${config.sops.secrets.transmission-config.path}";
+      };
+    })
+    (
+      let
+        caddy-cfg = config.youthlic.programs.caddy;
+      in
+      lib.mkIf caddy-cfg.enable {
+        services.transmission = {
+          openRPCPort = lib.mkForce false;
+          settings = {
+            rpc-bind-address = lib.mkForce "127.0.0.1";
+          };
+        };
+        services.caddy.virtualHosts = {
+          "transmission.${caddy-cfg.baseDomain}" = {
+            extraConfig = ''
+              reverse_proxy 127.0.0.1:9091
+            '';
+          };
+        };
+      }
+    )
+  ];
 }