Merge branch 'caddy-cloudflare-pkg'

pkgs/caddy/package.nix

@@ -0,0 +1,22 @@
+# Caddy with Cloudflare DNS
+
+{
+  pkgs,
+  fetchFromGitHub,
+  ...
+}:
+
+# Maintain a static version so that the plugin hash doesn't keep breaking
+(pkgs.caddy.overrideAttrs rec {
+  version = "2.10.2";
+  src = fetchFromGitHub {
+    owner = "caddyserver";
+    repo = "caddy";
+    tag = "v${version}";
+    hash = "sha256-KvikafRYPFZ0xCXqDdji1rxlkThEDEOHycK8GP5e8vk=";
+  };
+}).withPlugins
+  {
+    plugins = [ "github.com/caddy-dns/cloudflare@v0.2.1" ];
+    hash = "sha256-AcWko5513hO8I0lvbCLqVbM1eWegAhoM0J0qXoWL/vI=";
+  }

platforms/nixos/modules/nmasur/presets/services/bind.nix

@@ -24,6 +24,7 @@ let
     hostnames.download
     hostnames.photos
     hostnames.audiobooks
+    hostnames.paperless
   ];
   mkRecord = service: "${service}       A       ${localIp}";
   localRecords = lib.concatLines (map mkRecord localServices);

platforms/nixos/modules/nmasur/presets/services/cloudflare/cloudflare.nix

@@ -66,10 +66,7 @@ in
     nmasur.presets.services.caddy.cidrAllowlist = cloudflareIpRanges;
 
     # Tell Caddy to use Cloudflare DNS for ACME challenge validation
-    services.caddy.package = pkgs.caddy.withPlugins {
+    services.caddy.package = pkgs.nmasur.caddy;
-      plugins = [ "github.com/caddy-dns/cloudflare@v0.2.1" ];
-      hash = "sha256-AcWko5513hO8I0lvbCLqVbM1eWegAhoM0J0qXoWL/vI=";
-    };
     nmasur.presets.services.caddy.tlsPolicies = [
       {
         issuers = [