tidy up caddy config

2024-12-09 09:17:33 +01:00
parent 1826dd9b4c
commit fc0acdb3ad
7 changed files with 88 additions and 100 deletions
--- a/caddy/Caddyfile
+++ b/caddy/Caddyfile
@@ -1,10 +1,8 @@
-import conf/*.caddy
-
 {
-	import dynamic_dns
-	import auth
-	import geoip2
-	# import layer4
+	import conf/dynamic_dns.caddy
+	import conf/auth.caddy
+	import conf/geoip2.caddy
+	# import conf/layer4.caddy
 }

 (unprotected) {
@@ -18,7 +16,7 @@ import conf/*.caddy

 (protected) {
 	{args[0]}.{$SUBDOMAIN}.{$DOMAIN} {
-		import authentik
+		import conf/authentik.caddy
 		reverse_proxy {args[1]}
 	}
 }
--- a/caddy/conf/auth.caddy
+++ b/caddy/conf/auth.caddy
@@ -1,7 +1,6 @@
-(auth) {
-	order authenticate before respond
-	order authorize before reverse_proxy
-	security {
+order authenticate before respond
+order authorize before reverse_proxy
+security {
 	oauth identity provider generic {
 		realm mine
 		driver generic
@@ -45,5 +44,4 @@
 		validate bearer header
 		inject headers with claims
 	}
-	}
 }
--- a/caddy/conf/authentik.caddy
+++ b/caddy/conf/authentik.caddy
@@ -1,6 +1,5 @@
-(authentik) {
-	reverse_proxy /outpost.goauthentik.io/* http://host:19000
-	forward_auth http://host:19000 {
+reverse_proxy /outpost.goauthentik.io/* http://host:19000
+forward_auth http://host:19000 {
 	uri /outpost.goauthentik.io/auth/caddy?rd={http.request.uri}
 	copy_headers {
 		X-Authentik-Username
@@ -23,5 +22,4 @@
 		X-Custom-Password
 		X-User-Header
 	}
-	}
 }
--- a/caddy/conf/dynamic_dns.caddy
+++ b/caddy/conf/dynamic_dns.caddy
@@ -1,9 +1,7 @@
-(dynamic_dns) {
-	dynamic_dns {
+dynamic_dns {
 	provider route53
 	domains {
 		{$DOMAIN}. {$SUBDOMAIN}
 	}
 	versions ipv4
-	}
 }
--- a/caddy/conf/geoip2.caddy
+++ b/caddy/conf/geoip2.caddy
@@ -1,6 +1,5 @@
-(geoip2) {
-	order geoip2_vars first
-	geoip2 {
+order geoip2_vars first
+geoip2 {
 	#	accountId {$GEO_ACCOUNT_ID}
 	#	licenseKey {$GEO_API_KEY}
 	databaseDirectory /data/caddy/geoip/
@@ -8,5 +7,4 @@
 	editionID GeoLite2-City
 	updateUrl https://updates.maxmind.com
 	updateFrequency 86400 # in seconds
-	}
 }
--- a/caddy/conf/layer4.caddy
+++ b/caddy/conf/layer4.caddy
@@ -1,10 +1,8 @@
-(layer4) {
-	layer4 {
+layer4 {
 	:443 {
 		@openvpn openvpn
 		route @openvpn {
 			proxy host:444 # Proxy OpenVPN traffic to its backend
 		}
 	}
-	}
 }
--- a/caddy/sites/geo.caddy
+++ b/caddy/sites/geo.caddy
@@ -9,7 +9,7 @@ geo.{$SUBDOMAIN}.{$DOMAIN} {
 	# trusted_proxies: Trust 'X-Forwarded-For' header_up if trusted_proxies is also valid (see https://caddyserver.com/docs/caddyfile/options#trusted-proxies)
 	# default: trusted_proxies

-	@geofilter expression ({geoip2.country_code} == "NL")
+	@geofilter expression ({geoip2.country_code} != "FR")

 	route @geofilter {
 		reverse_proxy host:12345 {