try to statically set caddy to prevent cloudflare hash breaking

2025-10-12 04:53:15 +00:00 · 2025-10-11 13:27:44 -04:00
3 changed files with 40 additions and 28 deletions
--- a/flake.lock
+++ b/flake.lock
@@ -22,11 +22,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1758805352,
+        "lastModified": 1755825449,
-        "narHash": "sha256-BHdc43Lkayd+72W/NXRKHzX5AZ+28F3xaUs3a88/Uew=",
+        "narHash": "sha256-XkiN4NM9Xdy59h69Pc+Vg4PxkSm9EWl6u7k6D5FZ5cM=",
        "owner": "lnl7",
        "repo": "nix-darwin",
-        "rev": "c48e963a5558eb1c3827d59d21c5193622a1477c",
+        "rev": "8df64f819698c1fee0c2969696f54a843b2231e8",
        "type": "github"
      },
      "original": {
@@ -43,11 +43,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1758287904,
+        "lastModified": 1756115622,
-        "narHash": "sha256-IGmaEf3Do8o5Cwp1kXBN1wQmZwQN3NLfq5t4nHtVtcU=",
+        "narHash": "sha256-iv8xVtmLMNLWFcDM/HcAPLRGONyTRpzL9NS09RnryRM=",
        "owner": "nix-community",
        "repo": "disko",
-        "rev": "67ff9807dd148e704baadbd4fd783b54282ca627",
+        "rev": "bafad29f89e83b2d861b493aa23034ea16595560",
        "type": "github"
      },
      "original": {
@@ -156,11 +156,11 @@
        "rust-overlay": "rust-overlay"
      },
      "locked": {
-        "lastModified": 1759850138,
+        "lastModified": 1756477005,
-        "narHash": "sha256-fYHIxjTvVIAEDWzenUROuzDPxy1rBCXZNPgh4b1dfgo=",
+        "narHash": "sha256-e/FNNIT/LPuoruzRQZf5z5L5GApq1G2y2PShy+Lakhs=",
        "owner": "helix-editor",
        "repo": "helix",
-        "rev": "5b0563419eeeaf0595c848865c46be4abad246a7",
+        "rev": "77ff51caa440b1066e0a1920007ab5e148dd4856",
        "type": "github"
      },
      "original": {
@@ -176,11 +176,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1760130406,
+        "lastModified": 1756496801,
-        "narHash": "sha256-GKMwBaFRw/C1p1VtjDz4DyhyzjKUWyi1K50bh8lgA2E=",
+        "narHash": "sha256-IYIsnPy+cJxe8RbDHBrCtfJY0ry2bG2H7WvMcewiGS8=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "d305eece827a3fe317a2d70138f53feccaf890a1",
+        "rev": "77a71380c38fb2a440b4b5881bbc839f6230e1cb",
        "type": "github"
      },
      "original": {
@@ -306,11 +306,11 @@
    },
    "nixpkgs_2": {
      "locked": {
-        "lastModified": 1760038930,
+        "lastModified": 1756386758,
-        "narHash": "sha256-Oncbh0UmHjSlxO7ErQDM3KM0A5/Znfofj2BSzlHLeVw=",
+        "narHash": "sha256-1wxxznpW2CKvI9VdniaUnTT2Os6rdRJcRUf65ZK9OtE=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "0b4defa2584313f3b781240b29d61f6f9f7e0df3",
+        "rev": "dfb2f12e899db4876308eba6d93455ab7da304cd",
        "type": "github"
      },
      "original": {
@@ -344,11 +344,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1760150127,
+        "lastModified": 1756524478,
-        "narHash": "sha256-McDmxx/bruodgHLD4sFIl0fKkEkNj5VE3DglImfslrk=",
+        "narHash": "sha256-2oSBlcYCgwrVxUZwM8MV6hBFsfsWFbeN5ErQiCA+38s=",
        "owner": "nix-community",
        "repo": "nur",
-        "rev": "886a5646695563cbae3c1e10369c6070c7645e73",
+        "rev": "e82a8b0095f54edb6bbbb1d862f3da502dca1396",
        "type": "github"
      },
      "original": {
@@ -382,11 +382,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1759631821,
+        "lastModified": 1740623427,
-        "narHash": "sha256-V8A1L0FaU/aSXZ1QNJScxC12uP4hANeRBgI4YdhHeRM=",
+        "narHash": "sha256-3SdPQrZoa4odlScFDUHd4CUPQ/R1gtH4Mq9u8CBiK8M=",
        "owner": "oxalica",
        "repo": "rust-overlay",
-        "rev": "1d7cbdaad90f8a5255a89a6eddd8af24dc89cafe",
+        "rev": "d342e8b5fd88421ff982f383c853f0fc78a847ab",
        "type": "github"
      },
      "original": {
@@ -484,11 +484,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1759833546,
+        "lastModified": 1755261305,
-        "narHash": "sha256-rOfkgIiiZNPUbf61OqEym60wXEODeDG8XH+gV/SUoUc=",
+        "narHash": "sha256-EOqCupB5X5WoGVHVcfOZcqy0SbKWNuY3kq+lj1wHdu8=",
        "owner": "nix-community",
        "repo": "NixOS-WSL",
-        "rev": "7c0c0f4c3a51761434f18209fa9499b8579ff730",
+        "rev": "203a7b463f307c60026136dd1191d9001c43457f",
        "type": "github"
      },
      "original": {
--- a/pkgs/caddy/package.nix
+++ b/pkgs/caddy/package.nix
@@ -0,0 +1,15 @@
 # Caddy with Cloudflare DNS
 {
  pkgs,
  ...
 }:
 # Maintain a static version so that the plugin hash doesn't keep breaking
 (pkgs.caddy.override {
  version = "2.10.2";
 }).withPlugins
  {
    plugins = [ "github.com/caddy-dns/cloudflare@v0.2.1" ];
    hash = "sha256-AcWko5513hO8I0lvbCLqVbM1eWegAhoM0J0qXoWL/vI=";
  }
--- a/platforms/nixos/modules/nmasur/presets/services/cloudflare/cloudflare.nix
+++ b/platforms/nixos/modules/nmasur/presets/services/cloudflare/cloudflare.nix
@@ -66,10 +66,7 @@ in
    nmasur.presets.services.caddy.cidrAllowlist = cloudflareIpRanges;
    # Tell Caddy to use Cloudflare DNS for ACME challenge validation
-    services.caddy.package = pkgs.caddy.withPlugins {
+    services.caddy.package = pkgs.nmasur.caddy;
      plugins = [ "github.com/caddy-dns/cloudflare@v0.2.1" ];
      hash = "sha256-AcWko5513hO8I0lvbCLqVbM1eWegAhoM0J0qXoWL/vI=";
    };
    nmasur.presets.services.caddy.tlsPolicies = [
      {
        issuers = [