homelab tinkering 2

modules/server/caddy/default.nix

@@ -12,11 +12,11 @@ in {
     server.caddy.enable = mkEnableOption "Enables caddy";
   };
   config = mkIf cfg.enable {
-    age.secrets.cloudflare-env = {
+    # age.secrets.cloudflare-env = {
-      file = "${self}/secrets/cloudflare-env.age";
+    #   file = "${self}/secrets/cloudflare-env.age";
-      owner = "caddy";
+    #   owner = "caddy";
-      mode = "400";
+    #   mode = "400";
-    };
+    # };
     networking.firewall = let
       ports = [80 443];
     in {
@@ -26,7 +26,7 @@ in {
 
     services.caddy = {
       enable = true;
-      environmentFile = config.age.secrets.cloudflare-env.path;
+      # environmentFile = config.age.secrets.cloudflare-env.path;
       # package = self.packages.${pkgs.system}.caddy-with-plugins;
     };
   };

modules/server/vaultwarden/default.nix

@@ -29,14 +29,14 @@ in {
       Group = "root";
     };
 
-    services.caddy.virtualHosts."vault.cnst.dev".extraConfig = ''
+    # services.caddy.virtualHosts."vault.cnst.dev".extraConfig = ''
-      encode zstd gzip
+    #   encode zstd gzip
-      reverse_proxy ${vcfg.ROCKET_ADDRESS}:${toString vcfg.ROCKET_PORT} {
+    #   reverse_proxy ${vcfg.ROCKET_ADDRESS}:${toString vcfg.ROCKET_PORT} {
-        header_up X-Real-IP {remote_host}
+    #     # header_up X-Real-IP {remote_host}
-        # Use this instead, if using Cloudflare's proxy
+    #     # Use this instead, if using Cloudflare's proxy
-        # header_up X-Real-IP {http.request.header.Cf-Connecting-Ip}
+    #     header_up X-Real-IP {http.request.header.Cf-Connecting-Ip}
-      }
+    #   }
-    '';
+    # '';
 
     services.vaultwarden = {
       enable = true;
@@ -51,6 +51,7 @@ in {
         ROCKET_PORT = 8222;
         EXTENDED_LOGGING = true;
         LOG_LEVEL = "warn";
+        IP_HEADER = "CF-Connecting-IP";
       };
     };
   };