From a15a2c89bcf96854bc08caefa1c5c048656a2779 Mon Sep 17 00:00:00 2001
From: cnst <adam@cnst.dev>
Date: Wed, 16 Jul 2025 05:51:30 +0200
Subject: [PATCH] cloudflare stuff

---
 modules/server/caddy/default.nix |   6 ++++++
 secrets/cloudflare-env.age       | Bin 0 -> 604 bytes
 secrets/secrets.nix              |   1 +
 3 files changed, 7 insertions(+)
 create mode 100644 secrets/cloudflare-env.age

diff --git a/modules/server/caddy/default.nix b/modules/server/caddy/default.nix
index 57a14dba..c7a914bc 100644
--- a/modules/server/caddy/default.nix
+++ b/modules/server/caddy/default.nix
@@ -12,6 +12,11 @@ in {
     server.caddy.enable = mkEnableOption "Enables caddy";
   };
   config = mkIf cfg.enable {
+    age.secrets.cloudflare-env = {
+      file = "${self}/secrets/cloudflare-env.age";
+      owner = "caddy";
+      mode = "400";
+    };
     networking.firewall = let
       ports = [80 443];
     in {
@@ -21,6 +26,7 @@ in {
 
     services.caddy = {
       enable = true;
+      environmentFile = config.age.secrets.cloudflare-env.path;
       # package = self.packages.${pkgs.system}.caddy-with-plugins;
     };
   };
diff --git a/secrets/cloudflare-env.age b/secrets/cloudflare-env.age
new file mode 100644
index 0000000000000000000000000000000000000000..0aa737fafa70bf5f882fa31b17e38e1b62461e59
GIT binary patch
literal 604
zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCSHvCQ;$O;?E0b~f|M
z3@AtoPxOv*i83g54~fV$^T`SFa?kJ#$_y&^H7YmANlPvdG2k){arZSgDoSz9^$1UN
zN%Ob#NlqzrbPour@-EIQE=~0+3Czl<%r7YLNJh8KJ2cYQ%~2u0Ak`!!#iTIUSU<%h
zG2b91F*z#VB{DU+K;NxQ-@wT`rP8r9zo5j&Ae+m{s4&glpi(=l&^;qWyC|$EExafv
zJTWiIA~!oUBh@7^%*Q`D!a3M2#}(Z+bF-j~&_IPUj}oJjL<`gOjI;>%9LKB>L(lM(
zP}72_NK13qlyXxK^AIyf@021J<6^F=<d7i84BsS=aBt&a%Z$wAqD+HipUfOH{m@XC
zT+fm!(~1x`v&2&02n@e@rCAggmMf%|S6M~|dbpHi8kbf?8I-1Hxf}Z#I9n9whGmAP
zh5M9MBpGIF8yf{@nQ)nyr&LvV1%(?FrduQ$2Nh=r7MnX)ng>=D7w5aDc^G8s`{$+w
zm>K1mm2>Ip>MBGAM&(uHRFni-xI35lmIRiiq=l5`TO@}1WIDQ(c?X&qyP5k%Mh2T_
z<Z~Sj-Wd=kW;*wPew-iAPk+A7TSu96uANPlJp8;+DsdSHQ$G){)%NyH=U9U#Pj9`a
zQ@T`nrr_0CKi?<v+0Fb`xjK{a!h)3!IikC@*3al#&fs`+YjIJ&3Qxu5^xh9VaR6Lq
B&n5r>

literal 0
HcmV?d00001

diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 9a4581d3..c1a109b9 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -10,5 +10,6 @@ in {
   "keypem.age".publicKeys = [cnst kima];
   "mailpwd.age".publicKeys = [cnst kima];
   "gcapi.age".publicKeys = [cnst kima];
+  "cloudflare-env.age".publicKeys = [cnst kima usobotka rsobotka];
   "vaultwarden-env.age".publicKeys = [cnst kima usobotka rsobotka];
 }