feat(darwin): integrate Caddy server with SOPS for secret management

darwin/default.nix

@@ -9,9 +9,13 @@
     name: device:
       nix-darwin.lib.darwinSystem {
         system = device.system;
+        specialArgs = {
+          inherit device;
+        };
         modules = [
           {nixpkgs.overlays = overlays;}
           ./${device.name}/configuration.nix
+          inputs.sops-nix.darwinModules.sops
           home-manager.darwinModules.home-manager
           {
             nixpkgs.config.allowUnfree = true;

darwin/shiro/services/caddy.nix

@@ -14,6 +14,10 @@
   services = {
     caddy = {
       enable = true;
+      environmentFile = config.sops.templates."HETZNER_API_KEY.env".path;
+      globalConfig = ''
+        debug
+      '';
       extraConfig = ''
         (hetzner) {
             tls {
@@ -26,17 +30,8 @@
       '';
       package = pkgs.caddy.withPlugins {
         plugins = ["github.com/caddy-dns/hetzner@v1.0.0"];
-        # hash = "sha256-9ea0CfOHG7JhejB73HjfXQpnonn+ZRBqLNz1fFRkcDQ=";
-        # hash = "sha256-9ea0CfOHG7JhejB73HjfXQpnonn+ZRBqLNz1fFRkcDQ="
         hash = "sha256-YUrprDZQL+cX3P8fVLKHouXTMG4rw3sCaQdGqiq37uA=";
       };
     };
   };
-  systemd.services.caddy = {
-    serviceConfig = {
-      EnvironmentFile = config.sops.templates."HETZNER_API_KEY.env".path;
-      Requires = ["sops.service"];
-      After = ["sops.service"];
-    };
-  };
 }

darwin/shiro/services/default.nix

@@ -1,10 +1,12 @@
 {...}: {
   imports = [
+    ../../../modules/darwin/caddy
     ./yabai.nix
     ./skhd.nix
     ./tailscale.nix
     ./autossh.nix
-    # ./caddy.nix
+    ./caddy.nix
+    ./sops.nix
     # ./lmstudio.nix
     # ./colima.nix
     # ./zerotier.nix

darwin/shiro/services/sops.nix

@@ -0,0 +1,13 @@
+{
+  # config,
+  # pkgs,
+  inputs,
+  device,
+  ...
+}: {
+  sops = {
+    defaultSopsFile = ../../../secrets/secrets.yaml;
+    defaultSopsFormat = "yaml";
+    age.keyFile = "/Users/${device.user}/.config/sops/age/keys.txt";
+  };
+}