services/caddy.nix

@@ -1,15 +0,0 @@
-{ config, ... }: {
-  services.caddy = {
-    enable = true;
-    logFormat = "level INFO";
-  };
-
-  services.crowdsec = {
-    localConfig.acquisitions = [{
-      filenames = [ "${config.services.caddy.logDir}/*.log" ];
-      labels.type = "caddy";
-    }];
-
-    hub.parsers = [ "crowdsecurity/caddy-logs" ];
-  };
-}

services/vaultwarden.nix

@@ -36,28 +36,7 @@ in {
   };
 
   services.caddy.virtualHosts."vault.millironx.com".extraConfig = ''
-    # See <https://github.com/dani-garcia/vaultwarden/wiki/Proxy-examples>
-    encode zstd gzip
-    header / {
-    	Strict-Transport-Security "max-age=31536000;"
-    	X-XSS-Protection "0"
-    	X-Frame-Options "DENY"
-    	X-Robots-Tag "noindex, nofollow"
-    	X-Content-Type-Options "nosniff"
-    	-Server
-    	-X-Powered-By
-    	-Last-Modified
-    }
-
-    @admin {
-      path /admin*
-      not remote_ip private_ranges 100.64.0.0/10
-    }
-    respond @admin "Access denied to remote clients. Use localhost or VPN." 403
-
-    reverse_proxy http://127.0.0.1:${port} {
-      header_up X-Real-IP {remote_host}
-    }
+    reverse_proxy http://127.0.0.1:${port}
   '';
 
   users.users."${user}" = {

systems/linux/mcentire.nix

@@ -5,7 +5,6 @@
     ./hardware-configuration/mcentire.nix
     ./../../modules/podman-secrets.nix
     ./../../services/borgmatic.nix
-    ./../../services/caddy.nix
     ./../../services/crowdsec.nix
     ./../../services/authentik.nix
     ./../../services/audiobookshelf.nix
@@ -68,6 +67,7 @@
   services = {
     openssh.enable = true;
     tailscale.enable = true;
+    caddy.enable = true;
 
     # Do not "enable" database services, but include the package configuration
     # so that borgmatic does not freak out about unset variables