From 4b5463471a96de47bb17f4db8139f9c8807dc534 Mon Sep 17 00:00:00 2001
From: Adithya Nair
Date: Sat, 14 Sep 2024 16:57:22 +0530
Subject: [PATCH] all: setup caddy to use DNS challenge
---
 hosts/shared/caddy.nix | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)
diff --git a/hosts/shared/caddy.nix b/hosts/shared/caddy.nix
index b745efa..b21ee24 100644
--- a/hosts/shared/caddy.nix
+++ b/hosts/shared/caddy.nix
@@ -1,9 +1,22 @@
-{ inputs, pkgs, ... }: {
+{ config, inputs, pkgs, ... }: {
+ sops = {
+ secrets = {
+ "digitalocean/token_file" = {
+ mode = "444";
+ owner = config.users.users.root.name;
+ group = config.users.users.root.group;
+ };
+ };
+ };
 services.caddy = {
 enable = true;
 package = inputs.caddy.packages.${pkgs.system}.caddy;
 email = "admin@acomputer.lol";
+ globalConfig = ''
+ acme_dns digitalocean {env.DO_API_TOKEN}
+ '';
 };
+ systemd.services.caddy.serviceConfig.EnvironmentFile = config.sops.secrets."digitalocean/token_file".path;
 networking.firewall.allowedTCPPorts = [ 80 443 ];
 }
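Review bot: The `mode = "444";` on the `digitalocean/token_file` secret leaves the decrypted DigitalOcean API token readable by every local user and service on the host, even though owner and group are root. systemd loads `EnvironmentFile` itself before dropping to the service user, so the file should not need to be readable by anyone but root; `mode = "0400";` should be enough (I believe that is also the sops-nix default, in which case the three attribute lines could simply be dropped). A token that can edit DNS records can be used to pass the DNS challenge for any name in the zone, so it is worth confirming it is scoped as narrowly as DigitalOcean allows. The secret's content also has to be in `DO_API_TOKEN=<value>` form for `{env.DO_API_TOKEN}` to resolve, which the hunk does not show; a short comment next to the secret saying so would help the next person rotating it.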