try to statically set caddy to prevent cloudflare hash breaking

2025-10-12 09:33:15 +00:00 · 2025-10-11 13:27:44 -04:00
2 changed files with 16 additions and 4 deletions
--- a/pkgs/caddy/package.nix
+++ b/pkgs/caddy/package.nix
@@ -0,0 +1,15 @@
+# Caddy with Cloudflare DNS
+
+{
+  pkgs,
+  ...
+}:
+
+# Maintain a static version so that the plugin hash doesn't keep breaking
+(pkgs.caddy.override {
+  version = "2.10.2";
+}).withPlugins
+  {
+    plugins = [ "github.com/caddy-dns/cloudflare@v0.2.1" ];
+    hash = "sha256-AcWko5513hO8I0lvbCLqVbM1eWegAhoM0J0qXoWL/vI=";
+  }
--- a/platforms/nixos/modules/nmasur/presets/services/cloudflare/cloudflare.nix
+++ b/platforms/nixos/modules/nmasur/presets/services/cloudflare/cloudflare.nix
@@ -66,10 +66,7 @@ in
    nmasur.presets.services.caddy.cidrAllowlist = cloudflareIpRanges;

    # Tell Caddy to use Cloudflare DNS for ACME challenge validation
-    services.caddy.package = pkgs.caddy.withPlugins {
-      plugins = [ "github.com/caddy-dns/cloudflare@v0.2.1" ];
-      hash = "sha256-AcWko5513hO8I0lvbCLqVbM1eWegAhoM0J0qXoWL/vI=";
-    };
+    services.caddy.package = pkgs.nmasur.caddy;
    nmasur.presets.services.caddy.tlsPolicies = [
      {
        issuers = [