From 1c3ca5909bc2e3a85ef070872705dfbac94bbec7 Mon Sep 17 00:00:00 2001
From: Eli Ribble <eli@gleipnir.technology>
Date: Sat, 15 Nov 2025 15:00:39 +0000
Subject: [PATCH] Reverse proxy for tegola through caddy to get TLS

---
 modules/system/tegola.nix | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/modules/system/tegola.nix b/modules/system/tegola.nix
index 0333c77..5900275 100644
--- a/modules/system/tegola.nix
+++ b/modules/system/tegola.nix
@@ -4,6 +4,8 @@ with lib;
 let
 	databaseName = "tegola";
 	databaseUser = "tegola";
+	domainName = "tegola.nidus.cloud";
+	port = 9090;
 	group = "tegola";
 	user = "tegola";
 in {
@@ -21,6 +23,11 @@ in {
 			];
 		};
 		networking.firewall.allowedTCPPorts = [ 9090 ];
+		services.caddy.virtualHosts."${domainName}" = {
+			extraConfig = ''
+				reverse_proxy http://127.0.0.1:${toString port}
+			'';
+		};
 		services.postgresql = {
 			enable = true;
 			ensureDatabases = [databaseName];