nixos-servers/services/nix-cache/proxy.nix

{ pkgs, config, ... }:
let
  # nix-cache02 serves the canonical nix-cache.home.2rjus.net
  # nix-cache01 serves nix-cache01.home.2rjus.net (deprecated, pending decommission)
  hostname = config.networking.hostName;
  domain =
    if hostname == "nix-cache02" then
      "nix-cache.home.2rjus.net"
    else
      "${hostname}.home.2rjus.net";
in
{
  services.caddy = {
    enable = true;
    package = pkgs.unstable.caddy;
    configFile = pkgs.writeText "Caddyfile" ''
      {
        acme_ca https://vault.home.2rjus.net:8200/v1/pki_int/acme/directory
        metrics
      }


      ${domain} {
        log {
          output file /var/log/caddy/nix-cache.log {
            mode 644
          }
        }
        metrics /metrics

        reverse_proxy http://localhost:5000
      }
    '';
  };
}