cloudflare stuff

modules/server/caddy/default.nix

@@ -12,6 +12,11 @@ in {
     server.caddy.enable = mkEnableOption "Enables caddy";
   };
   config = mkIf cfg.enable {
+    age.secrets.cloudflare-env = {
+      file = "${self}/secrets/cloudflare-env.age";
+      owner = "caddy";
+      mode = "400";
+    };
     networking.firewall = let
       ports = [80 443];
     in {
@@ -21,6 +26,7 @@ in {
 
     services.caddy = {
       enable = true;
+      environmentFile = config.age.secrets.cloudflare-env.path;
       # package = self.packages.${pkgs.system}.caddy-with-plugins;
     };
   };

secrets/secrets.nix

@@ -10,5 +10,6 @@ in {
   "keypem.age".publicKeys = [cnst kima];
   "mailpwd.age".publicKeys = [cnst kima];
   "gcapi.age".publicKeys = [cnst kima];
+  "cloudflare-env.age".publicKeys = [cnst kima usobotka rsobotka];
   "vaultwarden-env.age".publicKeys = [cnst kima usobotka rsobotka];
 }