Caddy, DNS Challenges; Headscale, Magic_dns

Changed to using Porkbun DNS Challenges for Caddy. This enables wildcard
certificates. Documentation
- https://caddyserver.com/docs/caddyfile/patterns#wildcard-certificates
- https://caddyserver.com/docs/automatic-https#dns-challenge

Changed headscale to use a domain I own instead of the beautiful madoka
OP.

hosts/juri/host.nix

@@ -17,12 +17,14 @@ in {
       forgejoPassword = {
         owner = "forgejo";
       };
+      caddyApi = {};
     };
   };
 
   caddy = {
     enable = true;
     adminEmail = email;
+    environmentFile = config.sops.secrets.caddyApi.path;
     vhosts = {
       "juri.woach.me" = {
         extraConfig = ''
@@ -39,6 +41,12 @@ in {
         extraConfig = ''
           reverse_proxy :${builtins.toString config.headscale.server.port}
         '';
+        serverAliases = [ "*.dns.ginko.woach.me" ];
+      };
+      "juri.${config.services.headscale.settings.dns.base_domain}" = {
+        extraConfig = ''
+          reverse_proxy :${builtins.toString config.fava.port}
+        '';
       };
     };
   };