From 68d8e60b7ed7e699af4e9c221ba30dfec8751ff6 Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Tue, 30 Sep 2025 16:32:48 -0400
Subject: [PATCH 1/2] try to statically set caddy to prevent cloudflare hash breaking
---
 pkgs/caddy/package.nix | 15 +++++++++++++++
 .../presets/services/cloudflare/cloudflare.nix | 5 +----
 2 files changed, 16 insertions(+), 4 deletions(-)
 create mode 100644 pkgs/caddy/package.nix
diff --git a/pkgs/caddy/package.nix b/pkgs/caddy/package.nix
new file mode 100644
index 0000000..82bbf18
--- /dev/null
+++ b/pkgs/caddy/package.nix
@@ -0,0 +1,15 @@
+# Caddy with Cloudflare DNS
+
+{
+ pkgs,
+ ...
+}:
+
+# Maintain a static version so that the plugin hash doesn't keep breaking
+(pkgs.caddy.override {
+ version = "2.10.2";
+}).withPlugins
+ {
+ plugins = [ "github.com/caddy-dns/cloudflare@v0.2.1" ];
+ hash = "sha256-AcWko5513hO8I0lvbCLqVbM1eWegAhoM0J0qXoWL/vI=";
+ }
diff --git a/platforms/nixos/modules/nmasur/presets/services/cloudflare/cloudflare.nix b/platforms/nixos/modules/nmasur/presets/services/cloudflare/cloudflare.nix
index 353f199..92e86c2 100644
--- a/platforms/nixos/modules/nmasur/presets/services/cloudflare/cloudflare.nix
+++ b/platforms/nixos/modules/nmasur/presets/services/cloudflare/cloudflare.nix
@@ -66,10 +66,7 @@ in
 nmasur.presets.services.caddy.cidrAllowlist = cloudflareIpRanges;
 # Tell Caddy to use Cloudflare DNS for ACME challenge validation
- services.caddy.package = pkgs.caddy.withPlugins {
- plugins = [ "github.com/caddy-dns/cloudflare@v0.2.1" ];
- hash = "sha256-AcWko5513hO8I0lvbCLqVbM1eWegAhoM0J0qXoWL/vI=";
- };
+ services.caddy.package = pkgs.nmasur.caddy;
 nmasur.presets.services.caddy.tlsPolicies = [
 {
 issuers = [
From b98c3f04ab2c267652babca1156951d98861f177 Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Sun, 12 Oct 2025 17:25:50 +0000
Subject: [PATCH 2/2] fixes for caddy and adding paperless to local dns
---
 pkgs/caddy/package.nix | 9 ++++++++-
 platforms/nixos/modules/nmasur/presets/services/bind.nix | 1 +
 2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/pkgs/caddy/package.nix b/pkgs/caddy/package.nix
index 82bbf18..e28404f 100644
--- a/pkgs/caddy/package.nix
+++ b/pkgs/caddy/package.nix
@@ -2,12 +2,19 @@
 {
 pkgs,
+ fetchFromGitHub,
 ...
 }:
 # Maintain a static version so that the plugin hash doesn't keep breaking
-(pkgs.caddy.override {
+(pkgs.caddy.overrideAttrs rec {
 version = "2.10.2";
+ src = fetchFromGitHub {
+ owner = "caddyserver";
+ repo = "caddy";
+ tag = "v${version}";
+ hash = "sha256-KvikafRYPFZ0xCXqDdji1rxlkThEDEOHycK8GP5e8vk=";
+ };
 }).withPlugins
 {
 plugins = [ "github.com/caddy-dns/cloudflare@v0.2.1" ];
diff --git a/platforms/nixos/modules/nmasur/presets/services/bind.nix b/platforms/nixos/modules/nmasur/presets/services/bind.nix
index e86464f..f05ac8e 100644
--- a/platforms/nixos/modules/nmasur/presets/services/bind.nix
+++ b/platforms/nixos/modules/nmasur/presets/services/bind.nix
@@ -24,6 +24,7 @@ let
 hostnames.download
 hostnames.photos
 hostnames.audiobooks
+ hostnames.paperless
 ];
 mkRecord = service: "${service} A ${localIp}";
 localRecords = lib.concatLines (map mkRecord localServices);
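Review bot: In pkgs/caddy/package.nix the `overrideAttrs rec { version = "2.10.2"; src = … }` pin means Caddy no longer follows nixpkgs, so upstream security releases will not reach this host until the pin is bumped by hand, and the comment above it only explains the hash problem; I would extend it to something like `# Pinned on purpose: on each Caddy security release bump version, the src hash and the withPlugins hash together`. The `withPlugins` `hash` is untouched by this patch, and whether `withPlugins` actually builds from the overridden `src`/`version` is not visible in the hunk, so it is worth confirming on the built binary with `caddy version` and `caddy build-info` that it is 2.10.2 with the Cloudflare module at v0.2.1. As a style point, `overrideAttrs (finalAttrs: prevAttrs: { … tag = "v${finalAttrs.version}"; … })` would be preferable to `rec`, since a later override of `version` then carries into `tag`. The expression continues past the end of the hunk.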