authorhappysalada <raphael@megzari.com>2021-08-19 23:50:55 +0900
committerRaphael Megzari <raphael@megzari.com>2021-08-20 12:21:19 +0900
commitabeef13d12fbc2eecc75c1138bdcc0b9ad22b32d (patch)
tree6b191d9efc31cf9d78ed5a8d9dffbecae5a32503 /nixos
parenta629d25ad1c52b9810fd435a67083b3e3859f113 (diff)
caddy: add virtualHosts stub
Diffstat (limited to 'nixos')
-rw-r--r--nixos/modules/module-list.nix2
-rw-r--r--nixos/modules/services/web-servers/caddy/default.nix (renamed from nixos/modules/services/web-servers/caddy.nix)35
-rw-r--r--nixos/modules/services/web-servers/caddy/vhost-options.nix28
-rw-r--r--nixos/tests/caddy.nix89
4 files changed, 114 insertions, 40 deletions
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index 196eba87e13b..87132c908406 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -995,7 +995,7 @@
./services/web-apps/youtrack.nix
./services/web-apps/zabbix.nix
./services/web-servers/apache-httpd/default.nix
- ./services/web-servers/caddy.nix
+ ./services/web-servers/caddy/default.nix
./services/web-servers/darkhttpd.nix
./services/web-servers/fcgiwrap.nix
./services/web-servers/hitch/default.nix
diff --git a/nixos/modules/services/web-servers/caddy.nix b/nixos/modules/services/web-servers/caddy/default.nix
index 0a059723cccb..fd7102096343 100644
--- a/nixos/modules/services/web-servers/caddy.nix
+++ b/nixos/modules/services/web-servers/caddy/default.nix
@@ -4,7 +4,17 @@ with lib;
let
cfg = config.services.caddy;
- configFile = pkgs.writeText "Caddyfile" cfg.config;
+ vhostToConfig = vhostName: vhostAttrs: ''
+ ${vhostName} ${builtins.concatStringsSep " " vhostAttrs.serverAliases} {
+ ${vhostAttrs.extraConfig}
+ }
+ '';
+ configFile = pkgs.writeText "Caddyfile" (builtins.concatStringsSep "\n"
+ ([ cfg.config ] ++ (mapAttrsToList vhostToConfig cfg.virtualHosts)));
+
+ formattedConfig = pkgs.runCommand "formattedCaddyFile" { } ''
+ ${cfg.package}/bin/caddy fmt ${configFile} > $out
+ '';
tlsConfig = {
apps.tls.automation.policies = [{
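Review bot: `vhostToConfig` writes `vhostName` and every `serverAliases` entry into the Caddyfile unquoted and unchecked, so a name containing whitespace, `{` or a newline changes the structure of the generated file instead of being rejected at evaluation time. The same holds for `extraConfig`, where an unbalanced `}` closes the site block early and the remaining lines land at top level. As far as I can tell `caddy fmt` in `formattedConfig` only normalises layout, so it should not be relied on to catch this. Consider an assertion on the names, or at least a comment above `vhostToConfig` such as `# vhostName and serverAliases are emitted verbatim as Caddyfile site addresses; they must not contain whitespace or braces`. The enclosing `let` block starts and ends outside the hunk.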
@@ -17,7 +27,7 @@ let
adaptedConfig = pkgs.runCommand "caddy-config-adapted.json" { } ''
${cfg.package}/bin/caddy adapt \
- --config ${configFile} --adapter ${cfg.adapter} > $out
+ --config ${formattedConfig} --adapter ${cfg.adapter} > $out
'';
tlsJSON = pkgs.writeText "tls.json" (builtins.toJSON tlsConfig);
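Review bot: `caddy fmt` now runs on the input before every `caddy adapt` call, but `fmt` is a Caddyfile formatter while the adapt line still takes `--adapter ${cfg.adapter}`. When the adapter is not the Caddyfile one, `cfg.config` is in another format and the formatting pass may rewrite it or fail the build; the `virtualHosts` blocks appended to `configFile` are Caddyfile syntax in every case. I would gate the formatting, e.g. `--config ${if cfg.adapter == "caddyfile" then formattedConfig else configFile}`, and add an assertion that `virtualHosts` is empty for other adapters. The definition of `formattedConfig` is in the previous hunk.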
@@ -68,6 +78,27 @@ in
'';
};
+ virtualHosts = mkOption {
+ type = types.attrsOf (types.submodule (import ./vhost-options.nix {
+ inherit config lib;
+ }));
+ default = { };
+ example = literalExample ''
+ {
+ "hydra.example.com" = {
+ serverAliases = [ "www.hydra.example.com" ];
+ extraConfig = ''''''
+ encode gzip
+ log
+ root /srv/http
+ '''''';
+ };
+ };
+ '';
+ description = "Declarative vhost config";
+ };
+
+
user = mkOption {
default = "caddy";
type = types.str;
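Review bot: The `description` for `virtualHosts`, "Declarative vhost config", does not say that the attribute name is used verbatim as the Caddyfile site address, which is what determines scheme and port (the test in this commit uses `"http://localhost:8080"`). Since the form of the address presumably also decides whether the site is served over TLS, the option text should state it: `description = "Virtual hosts to serve. The attribute name is written verbatim as the Caddyfile site address, so it may carry a scheme and port.";`. Separately, `inherit config lib` passes `config` to `vhost-options.nix`, whose header is `{ lib, ... }:` and which does not use it; `inherit lib` would be enough.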
diff --git a/nixos/modules/services/web-servers/caddy/vhost-options.nix b/nixos/modules/services/web-servers/caddy/vhost-options.nix
new file mode 100644
index 000000000000..1f74295fc9a2
--- /dev/null
+++ b/nixos/modules/services/web-servers/caddy/vhost-options.nix
@@ -0,0 +1,28 @@
+# This file defines the options that can be used both for the Nginx
+# main server configuration, and for the virtual hosts. (The latter
+# has additional options that affect the web server as a whole, like
+# the user/group to run under.)
+
+{ lib, ... }:
+
+with lib;
+{
+ options = {
+ serverAliases = mkOption {
+ type = types.listOf types.str;
+ default = [ ];
+ example = [ "www.example.org" "example.org" ];
+ description = ''
+ Additional names of virtual hosts served by this virtual host configuration.
+ '';
+ };
+
+ extraConfig = mkOption {
+ type = types.lines;
+ default = "";
+ description = ''
+ These lines go into the vhost verbatim
+ '';
+ };
+ };
+}
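Review bot: The header comment at the top of the new file describes the Nginx module ("options that can be used both for the Nginx main server configuration, and for the virtual hosts"), which does not match this file; it only declares `serverAliases` and `extraConfig` for a Caddy virtual host. Replace it with something like `# Options accepted by each entry of services.caddy.virtualHosts.`. The `extraConfig` description could also say that the text is placed inside the site's `{ … }` block without validation, so any braces in it must balance.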
diff --git a/nixos/tests/caddy.nix b/nixos/tests/caddy.nix
index 063f83a2f3d3..29b227c0409b 100644
--- a/nixos/tests/caddy.nix
+++ b/nixos/tests/caddy.nix
@@ -43,49 +43,64 @@ import ./make-test-python.nix ({ pkgs, ... }: {
}
'';
};
+ specialisation.multiple-configs.configuration = {
+ services.caddy.virtualHosts = {
+ "http://localhost:8080" = { };
+ "http://localhost:8081" = { };
+ };
+ };
};
- };
- testScript = { nodes, ... }: let
- etagSystem = "${nodes.webserver.config.system.build.toplevel}/specialisation/etag";
- justReloadSystem = "${nodes.webserver.config.system.build.toplevel}/specialisation/config-reload";
- in ''
- url = "http://localhost/example.html"
- webserver.wait_for_unit("caddy")
- webserver.wait_for_open_port("80")
+ testScript = { nodes, ... }:
+ let
+ etagSystem = "${nodes.webserver.config.system.build.toplevel}/specialisation/etag";
+ justReloadSystem = "${nodes.webserver.config.system.build.toplevel}/specialisation/config-reload";
+ multipleConfigs = "${nodes.webserver.config.system.build.toplevel}/specialisation/multiple-configs";
+ in
+ ''
+ url = "http://localhost/example.html"
+ webserver.wait_for_unit("caddy")
+ webserver.wait_for_open_port("80")
- def check_etag(url):
- etag = webserver.succeed(
- "curl --fail -v '{}' 2>&1 | sed -n -e \"s/^< [Ee][Tt][Aa][Gg]: *//p\"".format(
- url
+ def check_etag(url):
+ etag = webserver.succeed(
+ "curl --fail -v '{}' 2>&1 | sed -n -e \"s/^< [Ee][Tt][Aa][Gg]: *//p\"".format(
+ url
+ )
)
- )
- etag = etag.replace("\r\n", " ")
- http_code = webserver.succeed(
- "curl --fail --silent --show-error -o /dev/null -w \"%{{http_code}}\" --head -H 'If-None-Match: {}' {}".format(
- etag, url
+ etag = etag.replace("\r\n", " ")
+ http_code = webserver.succeed(
+ "curl --fail --silent --show-error -o /dev/null -w \"%{{http_code}}\" --head -H 'If-None-Match: {}' {}".format(
+ etag, url
+ )
)
- )
- assert int(http_code) == 304, "HTTP code is {}, expected 304".format(http_code)
- return etag
+ assert int(http_code) == 304, "HTTP code is {}, expected 304".format(http_code)
+ return etag
- with subtest("check ETag if serving Nix store paths"):
- old_etag = check_etag(url)
- webserver.succeed(
- "${etagSystem}/bin/switch-to-configuration test >&2"
- )
- webserver.sleep(1)
- new_etag = check_etag(url)
- assert old_etag != new_etag, "Old ETag {} is the same as {}".format(
- old_etag, new_etag
- )
+ with subtest("check ETag if serving Nix store paths"):
+ old_etag = check_etag(url)
+ webserver.succeed(
+ "${etagSystem}/bin/switch-to-configuration test >&2"
+ )
+ webserver.sleep(1)
+ new_etag = check_etag(url)
+ assert old_etag != new_etag, "Old ETag {} is the same as {}".format(
+ old_etag, new_etag
+ )
+
+ with subtest("config is reloaded on nixos-rebuild switch"):
+ webserver.succeed(
+ "${justReloadSystem}/bin/switch-to-configuration test >&2"
+ )
+ webserver.wait_for_open_port("8080")
- with subtest("config is reloaded on nixos-rebuild switch"):
- webserver.succeed(
- "${justReloadSystem}/bin/switch-to-configuration test >&2"
- )
- webserver.wait_for_open_port("8080")
- '';
-})
+ with subtest("multiple configs are correctly merged"):
+ webserver.succeed(
+ "${multipleConfigs}/bin/switch-to-configuration test >&2"
+ )
+ webserver.wait_for_open_port("8080")
+ webserver.wait_for_open_port("8081")
+ '';
+ })
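Review bot: The new subtest `multiple configs are correctly merged` only waits for ports 8080 and 8081, and 8080 appears to be open already from the preceding `config is reloaded on nixos-rebuild switch` subtest, so that wait can succeed before the new configuration is loaded. Neither `serverAliases` nor `extraConfig` is exercised, because both virtual hosts are `{ }`, so the string interpolation in `vhostToConfig` is untested beyond the bare site address. I would give one host an `extraConfig` with a fixed response and check it with `webserver.succeed("curl --fail http://localhost:8081/")` plus an assertion on the body, and add a `serverAliases` entry that is requested as well.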