refactor(alt): remove caddy reverse proxy, now on wintermute

Caddy has been migrated to wintermute. Remove the caddy.nix import, delete the config file, and drop ports 80/443 from alt's firewall. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-11 13:12:29 +10:00 · 2026-04-11 13:12:29 +10:00 · 04300c6f50
commit 04300c6f50
parent 8c06225004
2 changed files with 0 additions and 65 deletions
--- a/hosts/alt/caddy.nix
+++ b/hosts/alt/caddy.nix
@ -1,63 +0,0 @@
-{ config, pkgs, inputs, lib, ... }:
-let
-	# String = simple site, Attrset = custom site.
-	sites = {
-		"analytics.figtree.dev" = "http://192.168.80.1:3300";
-		"figtree.dev"           = "http://192.168.1.63:8080";
-		"files.figtree.dev"     = "http://192.168.80.4:8080";
-		"git.figtree.dev"       = "http://192.168.80.8:3000";
-		"nc.figtree.dev"        = "http://192.168.1.62:11000";
-		"paperless.figtree.dev" = "http://192.168.1.63:8010";
-		"photos.figtree.dev"    = "http://192.168.80.1:2283";
-		"shiori.figtree.dev"    = "http://192.168.80.4:8234";
-		"tasks.figtree.dev"     = "http://192.168.80.7:3456";
-		"www.figtree.dev"       = "http://192.168.1.63:8080";
-		"ha.figtree.dev"        = "http://192.168.1.50:8123";
-		# "budget.figtree.dev"    = "http://192.168.80.1:5006";
-
-		# .lan domains now automatically get "tls internal"
-		"home.lan"              = "http://192.168.1.63:3000";
-		"budget.lan"            = "http://192.168.80.1:5006";
-		"torrent.lan"           = "http://192.168.1.65:8080";
-		"books.lan"             = "http://192.168.80.4:8010";
-		"recipes.lan"           = "http://192.168.80.4:8222";
-		"jelly.lan"             = "http://192.168.80.4:8096";
-		"plex.lan"              = "http://192.168.1.63:32400";
-	};
-
-	# Normalize sites:
-	# 1. Turn strings into { backend = "..."; }.
-	# 2. Automatically prepend `tls internal` for any domain ending in .lan.
-	normalizedSites = lib.mapAttrs (domain: siteConfig:
-		let
-			# Ensure siteConfig is an attrset.
-			baseConfig = if lib.isString siteConfig then { backend = siteConfig; } else siteConfig;
-			# Check if it's a .lan domain.
-			isLanDomain = lib.hasSuffix ".lan" domain;
-		in
-			if isLanDomain then
-				baseConfig // {
-					extraBefore = ''
-						tls internal
-						${lib.optionalString (baseConfig ? extraBefore) baseConfig.extraBefore}
-					'';
-				}
-			else
-				baseConfig
-	) sites;
-
-	# Render each vhost from its config.
-	mkVHost = cfg: {
-		extraConfig = ''
-			${lib.optionalString (cfg ? extraBefore) cfg.extraBefore}
-			reverse_proxy ${cfg.backend}
-			${lib.optionalString (cfg ? extra) cfg.extra}
-		'';
-	};
-in
-{
-	services.caddy = {
-		enable = true;
-		virtualHosts = lib.mapAttrs (_: cfg: mkVHost cfg) normalizedSites;
-	};
-}
--- a/hosts/alt/configuration.nix
+++ b/hosts/alt/configuration.nix
@ -12,7 +12,6 @@
      ../modules/kafka-mounts.nix
      ../modules/server.nix
      ../modules/syncthing.nix
-      ./caddy.nix
      ./jellyfin.nix
    ];

@ -25,7 +24,6 @@
  services.syncthing.guiAddress = "0.0.0.0:8384";

  networking.firewall.allowedTCPPorts = [
-    80 443 # caddy
    8000
    8001
    8010 # audio bookshelf