Caddy, DNS Challenges; Headscale, Magic_dns

Changed to using Porkbun DNS Challenges for Caddy. This enables wildcard certificates. Documentation - https://caddyserver.com/docs/caddyfile/patterns#wildcard-certificates - https://caddyserver.com/docs/automatic-https#dns-challenge Changed headscale to use a domain I own instead of the beautiful madoka OP.
2025-09-16 18:45:24 -07:00 · 2025-09-16 18:45:24 -07:00 · 1e89810074
commit 1e89810074
parent 0447a25a77
4 changed files with 27 additions and 9 deletions
--- a/nixosModules/services/caddy/service.nix
+++ b/nixosModules/services/caddy/service.nix
@ -5,14 +5,28 @@
    enable = lib.mkEnableOption "Enables caddy webserver";
    vhosts = lib.mkOption {};
    adminEmail = lib.mkOption { type = lib.types.str; };
+    environmentFile = lib.mkOption {};
  };

  config = lib.mkIf config.caddy.enable {
    networking.firewall.allowedTCPPorts = [ 80 443 ];
    services.caddy = {
      enable = true;
+      globalConfig = ''
+        acme_dns porkbun {
+          api_key {$APIKEY}
+          api_secret_key {$APISECRETKEY}
+        }
+      '';
+      package = pkgs.caddy.withPlugins {
+        plugins = [ "github.com/caddy-dns/porkbun@v0.3.1" ];
+        hash = "sha256-PUHu+KPywdJMuPLHPtQhUaw3Cv1pED5XQ1MOzlT/6h4=";
+      };
      virtualHosts = config.caddy.vhosts;
      email = config.caddy.adminEmail;
    };
+    systemd.services.caddy.serviceConfig.EnvironmentFile = [ 
+      config.caddy.environmentFile 
+    ];
  };
 }
--- a/nixosModules/services/headscale/service.nix
+++ b/nixosModules/services/headscale/service.nix
@ -17,7 +17,7 @@
      settings = {
        server_url = "https://${config.headscale.server.domain}";
        dns = {
-          base_domain = "connect.claris";
+          base_domain = "dns.${config.headscale.server.domain}";
          override_local_dns = false;
        };
      };