mirror of https://gitlab.com/curben/blog
				
				
				
			post: Installing Caddy plugins in NixOS
This commit is contained in:
		
							parent
							
								
									2957b240f8
								
							
						
					
					
						commit
						c45ed4566f
					
				|  | @ -0,0 +1,108 @@ | |||
| --- | ||||
| title: Installing Caddy plugins in NixOS | ||||
| excerpt: By using custom package | ||||
| date: 2021-12-27 | ||||
| tags: | ||||
| - caddy | ||||
| - nixos | ||||
| --- | ||||
| 
 | ||||
| Caddy, like any other web servers, is extensible through plugins. Plugin is usually installed using [xcaddy](https://github.com/caddyserver/xcaddy); using it is as easy as `$ xcaddy build --with github.com/caddyserver/ntlm-transport` to build the latest caddy binary with [ntlm-transport](https://github.com/caddyserver/ntlm-transport) plugin. | ||||
| 
 | ||||
| NixOS has its [own way](https://nixos.org/manual/nixpkgs/stable/#sec-language-go) of building Go package (Caddy is written in Go), so using xcaddy may be counterintuitive. The _Nix_-way to go is to build a custom package using a "*.nix" file and instruct the service (also known as a _module_ in Nix ecosystem) to use that package instead of the repo's. | ||||
| 
 | ||||
| In NixOS, the Caddy module has long included [`services.caddy.package`](https://search.nixos.org/options?channel=21.11&show=services.caddy.package&from=0&size=50&sort=relevance&type=packages&query=caddy) option to specify custom package. It was primarily used as a way to install Caddy 2 from the unstable channel (`unstable.caddy`) because the package in stable channel (`pkgs.caddy`) of NixOS 20.03 is still Caddy 1. I talked about that option in a {% post_link caddy-v2-nixos 'previous post' %}. | ||||
| 
 | ||||
| Aside from installing Caddy from different channel, that option can also be used to specify a custom package by using [`pkgs.callPackage`](https://nixos.org/guides/nix-pills/callpackage-design-pattern.html). I {% post_link custom-package-nixos-module 'previously used' %} `callPackage` as a workaround to install cloudflared in a IPv6-only instance from a repository other than GitHub because GitHub doesn't support IPv6 yet. | ||||
| 
 | ||||
| If a custom package is defined in "/etc/caddy/custom-package.nix", then the configuration will be: | ||||
| 
 | ||||
| ``` nix /etc/nixos/configuration.nix | ||||
|   services.caddy = { | ||||
|     enable = true; | ||||
|     package = pkgs.callPackage /etc/caddy/custom-package.nix { }; | ||||
|   }; | ||||
| ``` | ||||
| 
 | ||||
| ## Custom package | ||||
| 
 | ||||
| The following package patches the "[main.go](https://github.com/caddyserver/caddy/blob/master/cmd/main.go)" file of the upstream source to insert additional plugins. The code snippet is courtesy of [@diamondburned](https://github.com/diamondburned). The marked lines show how plugins are specified through the `plugins` option. | ||||
| 
 | ||||
| {% codeblock /etc/caddy/custom-package.nix lang:nix https://github.com/NixOS/nixpkgs/issues/89268#issuecomment-636529668 source mark:3,12 %} | ||||
| { lib, buildGoModule, fetchFromGitHub, plugins ? [], vendorSha256 ? "" }: | ||||
| with lib; | ||||
| let imports = flip concatMapStrings plugins (pkg: "\t\t\t_ \"${pkg}\"\n"); | ||||
| 
 | ||||
|   main = '' | ||||
|     package main | ||||
| 
 | ||||
|     import ( | ||||
|       caddycmd "github.com/caddyserver/caddy/v2/cmd" | ||||
| 
 | ||||
|       _ "github.com/caddyserver/caddy/v2/modules/standard" | ||||
| ${imports} | ||||
|     ) | ||||
| 
 | ||||
|     func main() { | ||||
|       caddycmd.Main() | ||||
|     } | ||||
|   ''; | ||||
| 
 | ||||
| in buildGoModule rec { | ||||
|   pname = "caddy"; | ||||
|   version = "2.4.6"; | ||||
| 
 | ||||
|   subPackages = [ "cmd/caddy" ]; | ||||
| 
 | ||||
|   src = fetchFromGitHub { | ||||
|     owner = "caddyserver"; | ||||
|     repo = pname; | ||||
|     # https://github.com/NixOS/nixpkgs/blob/nixos-21.11/pkgs/servers/caddy/default.nix | ||||
|     rev = "v${version}"; | ||||
|     sha256 = "sha256-xNCxzoNpXkj8WF9+kYJfO18ux8/OhxygkGjA49+Q4vY="; | ||||
|   }; | ||||
| 
 | ||||
|   inherit vendorSha256; | ||||
| 
 | ||||
|   overrideModAttrs = (_: { | ||||
|     preBuild    = "echo '${main}' > cmd/caddy/main.go"; | ||||
|     postInstall = "cp go.sum go.mod $out/ && ls $out/"; | ||||
|   }); | ||||
| 
 | ||||
|   postPatch = '' | ||||
|     echo '${main}' > cmd/caddy/main.go | ||||
|     cat cmd/caddy/main.go | ||||
|   ''; | ||||
| 
 | ||||
|   postConfigure = '' | ||||
|     cp vendor/go.sum ./ | ||||
|     cp vendor/go.mod ./ | ||||
|   ''; | ||||
| 
 | ||||
|   meta = with lib; { | ||||
|     homepage = https://caddyserver.com; | ||||
|     description = "Fast, cross-platform HTTP/2 web server with automatic HTTPS"; | ||||
|     license = licenses.asl20; | ||||
|     maintainers = with maintainers; [ rushmorem fpletz zimbatm ]; | ||||
|   }; | ||||
| } | ||||
| {% endcodeblock %} | ||||
| 
 | ||||
| ## Install custom package | ||||
| 
 | ||||
| Specify the desired plugins in `services.caddy.package.plugins`: | ||||
| 
 | ||||
| ``` nix /etc/nixos/configuration.nix | ||||
|   services.caddy = { | ||||
|     enable = true; | ||||
|     package = (pkgs.callPackage /etc/caddy/custom-package.nix { | ||||
|       plugins = [ | ||||
|         "github.com/caddyserver/ntlm-transport" | ||||
|         "github.com/caddyserver/forwardproxy" | ||||
|       ]; | ||||
|       vendorSha256 = "0000000000000000000000000000000000000000000000000000"; | ||||
|     }); | ||||
|   }; | ||||
| ``` | ||||
| 
 | ||||
| The above example will install ntlm-transport and [forwardproxy](https://github.com/caddyserver/forwardproxy) plugins. The first run of `nixos-rebuild` will fail due to mismatched `vendorSha256`, simply replace the "000..." with the expected value and the second run should be ok. | ||||
		Loading…
	
		Reference in New Issue