From 0405fb64af9d2e0a46440d1be5321d1bd11818e0 Mon Sep 17 00:00:00 2001
From: Tyler Mayoff <tyler@mayoff.ca>
Date: Sat, 29 Nov 2025 19:47:25 -0500
Subject: [PATCH] add cloudflare DNS challenge

---
 dot_config/flake/machines/saffron/configuration.nix | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/dot_config/flake/machines/saffron/configuration.nix b/dot_config/flake/machines/saffron/configuration.nix
index eb29af7..ae43808 100644
--- a/dot_config/flake/machines/saffron/configuration.nix
+++ b/dot_config/flake/machines/saffron/configuration.nix
@@ -25,11 +25,19 @@
 
   networking.hostName = "saffron"; # Define your hostname.
 
-  # Caddy reverse proxy
+  # Caddy reverse proxy with DNS challenge
   services.caddy = {
     enable = true;
+    package = pkgs.caddy.withPlugins {
+      plugins = ["github.com/caddy-dns/cloudflare"];
+      vendorHash = "sha256-A9V8WgJnalU3YzuKu3D1wJjSC1MQaH2HvOvBdLzFWl4=";
+    };
+    environmentFile = "/etc/caddy/environment";
     virtualHosts."rss.mayoff.ca" = {
       extraConfig = ''
+        tls {
+          dns cloudflare {env.CLOUDFLARE_API_TOKEN}
+        }
         reverse_proxy MINIFLUX_TAILSCALE_IP:PORT
       '';
     };