add cloudflare DNS challenge

dot_config/flake/machines/saffron/configuration.nix

@@ -25,11 +25,19 @@
 
   networking.hostName = "saffron"; # Define your hostname.
 
-  # Caddy reverse proxy
+  # Caddy reverse proxy with DNS challenge
   services.caddy = {
     enable = true;
+    package = pkgs.caddy.withPlugins {
+      plugins = ["github.com/caddy-dns/cloudflare"];
+      vendorHash = "sha256-A9V8WgJnalU3YzuKu3D1wJjSC1MQaH2HvOvBdLzFWl4=";
+    };
+    environmentFile = "/etc/caddy/environment";
     virtualHosts."rss.mayoff.ca" = {
       extraConfig = ''
+        tls {
+          dns cloudflare {env.CLOUDFLARE_API_TOKEN}
+        }
         reverse_proxy MINIFLUX_TAILSCALE_IP:PORT
       '';
     };