# Caddy config for the cargoxx binary cache.
#
# The router does PAT (port forwarding) so the *external* world reaches
# us at the standard 80/443 but the *internal* ports are different.
# `http_port` and `https_port` below must match the internal ports the
# router forwards to. Override via runner/.env:
#
#   CADDY_HTTP_PORT=8080
#   CADDY_HTTPS_PORT=8443
#
# (Those env vars are picked up by compose.yml to publish the ports
# AND injected into this Caddyfile via the {$VAR:default} substitution
# below — Caddy expands env vars natively.)

{
	# Internal ports — must equal whatever the router forwards 80/443 to.
	http_port  {$CADDY_HTTP_PORT:8080}
	https_port {$CADDY_HTTPS_PORT:8443}
	# ACME's HTTP-01 challenge probe still arrives at host:80 → router
	# → :8080; Caddy answers it on the internal port. Auto cert works
	# as long as the PAT maps 80 → CADDY_HTTP_PORT and 443 → CADDY_HTTPS_PORT.
	email vorontsov@amadey.xyz
}

cache.cargoxx.amadey.xyz {
	root * /srv/cache
	file_server

	# narinfo / nar are immutable per content hash → cache aggressively.
	@cache_immutable path *.narinfo *.nar.xz *.nar
	header @cache_immutable Cache-Control "public, immutable, max-age=31536000"

	# Substituter probe; short cache so new entries land quickly.
	@cache_info path /nix-cache-info
	header @cache_info Cache-Control "public, max-age=300"

	log {
		output file /data/access.log {
			roll_size 50MiB
			roll_keep 5
		}
	}
}
