services/caddy: use caddy-l4

flake.lock

@@ -1,5 +1,20 @@
 {
   "nodes": {
+    "caddy-nix": {
+      "locked": {
+        "lastModified": 1732948222,
+        "narHash": "sha256-kUWyjeqkU+RHTHVXT61QF19eW2vnWgah5OcPrUlU8oU=",
+        "owner": "vincentbernat",
+        "repo": "caddy-nix",
+        "rev": "9d13eb684b4ba1b2eb92e76f7ea1f517eccc4fe1",
+        "type": "github"
+      },
+      "original": {
+        "owner": "vincentbernat",
+        "repo": "caddy-nix",
+        "type": "github"
+      }
+    },
     "crane": {
       "inputs": {
         "nixpkgs": [
@@ -413,6 +428,7 @@
     },
     "root": {
       "inputs": {
+        "caddy-nix": "caddy-nix",
         "devshell": [
           "rebmit",
           "devshell"

flake.nix

@@ -64,6 +64,7 @@
       url = "github:nix-community/nixpkgs-terraform-providers-bin";
       inputs.nixpkgs.follows = "nixpkgs";
     };
+    caddy-nix.url = "github:vincentbernat/caddy-nix";
 
     # libraries
 

flake/nixpkgs.nix

@@ -7,6 +7,9 @@ let
     inputs.rebmit.overlays.default
     inputs.nixpkgs-terraform-providers-bin.overlay
 
+    # TODO: wait for https://nixpkgs-tracker.ocfox.me/?pr=358586
+    inputs.caddy-nix.overlays.default
+
     (final: prev: {
       libadwaita = prev.libadwaita.overrideAttrs (old: {
         patches = (old.patches or [ ]) ++ [

nixos/profiles/services/caddy/default.nix

@@ -1,8 +1,17 @@
-{ config, mylib, ... }:
+{
+  config,
+  pkgs,
+  mylib,
+  ...
+}:
 {
   services.caddy = {
     enable = true;
     enableReload = true;
+    package = pkgs.caddy.withPlugins {
+      plugins = [ "github.com/mholt/caddy-l4@3c6cc2c0ee0875899fde271fbdef95be3fef7a92" ];
+      hash = "sha256-s5LzVOAvVsZxbhdgIdpe1OBSHIAc/tCi+1pEofeQx6k=";
+    };
   };
 
   systemd.services.caddy.serviceConfig = mylib.misc.serviceHardened // {