diff --git a/pkgs/caddy/package.nix b/pkgs/caddy/package.nix
new file mode 100644
index 0000000..e28404f
--- /dev/null
+++ b/pkgs/caddy/package.nix
@@ -0,0 +1,22 @@
+# Caddy with Cloudflare DNS
+
+{
+ pkgs,
+ fetchFromGitHub,
+ ...
+}:
+
+# Maintain a static version so that the plugin hash doesn't keep breaking
+(pkgs.caddy.overrideAttrs rec {
+ version = "2.10.2";
+ src = fetchFromGitHub {
+ owner = "caddyserver";
+ repo = "caddy";
+ tag = "v${version}";
+ hash = "sha256-KvikafRYPFZ0xCXqDdji1rxlkThEDEOHycK8GP5e8vk=";
+ };
+}).withPlugins
+ {
+ plugins = [ "github.com/caddy-dns/cloudflare@v0.2.1" ];
+ hash = "sha256-AcWko5513hO8I0lvbCLqVbM1eWegAhoM0J0qXoWL/vI=";
+ }
diff --git a/platforms/nixos/modules/nmasur/presets/services/bind.nix b/platforms/nixos/modules/nmasur/presets/services/bind.nix
index e86464f..f05ac8e 100644
--- a/platforms/nixos/modules/nmasur/presets/services/bind.nix
+++ b/platforms/nixos/modules/nmasur/presets/services/bind.nix
@@ -24,6 +24,7 @@ let
 hostnames.download
 hostnames.photos
 hostnames.audiobooks
+ hostnames.paperless
 ];
 mkRecord = service: "${service} A ${localIp}";
 localRecords = lib.concatLines (map mkRecord localServices);
diff --git a/platforms/nixos/modules/nmasur/presets/services/cloudflare/cloudflare.nix b/platforms/nixos/modules/nmasur/presets/services/cloudflare/cloudflare.nix
index 353f199..92e86c2 100644
--- a/platforms/nixos/modules/nmasur/presets/services/cloudflare/cloudflare.nix
+++ b/platforms/nixos/modules/nmasur/presets/services/cloudflare/cloudflare.nix
@@ -66,10 +66,7 @@ in
 nmasur.presets.services.caddy.cidrAllowlist = cloudflareIpRanges;
 
 # Tell Caddy to use Cloudflare DNS for ACME challenge validation
- services.caddy.package = pkgs.caddy.withPlugins {
- plugins = [ "github.com/caddy-dns/cloudflare@v0.2.1" ];
- hash = "sha256-AcWko5513hO8I0lvbCLqVbM1eWegAhoM0J0qXoWL/vI=";
- };
+ services.caddy.package = pkgs.nmasur.caddy;
 nmasur.presets.services.caddy.tlsPolicies = [
 {
 issuers = [
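Review bot: Pinning `version = "2.10.2"` inside `overrideAttrs` in pkgs/caddy/package.nix takes Caddy out of the normal nixpkgs update path, so this TLS-terminating server will no longer pick up upstream security releases when nixpkgs is bumped, and the comment above the override does not record that trade-off. I would extend it to something like `# Pinned: nixpkgs bumps no longer update Caddy. Bump version and both hashes together when upstream ships a security release.` It is also worth confirming that `.withPlugins` really builds from the overridden `version`/`src` rather than from the original `pkgs.caddy`; that depends on how the nixpkgs helper is wired, which is not visible in this diff. If it does not, the pin would be silently ineffective and the plugin hash would still break on bumps.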