From 8e949f9a0fd8670e6e7d847db0badfc646bfa046 Mon Sep 17 00:00:00 2001
From: Alexander Wainwright <code@figtree.dev>
Date: Mon, 13 Oct 2025 21:14:32 +1000
Subject: [PATCH] Refactor caddy and add hosts

---
 hosts/alt/caddy.nix | 38 +++++++++++++++++++++++++++-----------
 1 file changed, 27 insertions(+), 11 deletions(-)

diff --git a/hosts/alt/caddy.nix b/hosts/alt/caddy.nix
index 4d03e97..6aef62f 100644
--- a/hosts/alt/caddy.nix
+++ b/hosts/alt/caddy.nix
@@ -15,19 +15,35 @@ let
 		"ha.figtree.dev"        = "http://192.168.1.50:8123";
 		# "budget.figtree.dev"    = "http://192.168.80.1:5006";
 
-		# Only this one needs extra top-level Caddyfile lines:
-		"budget.box" = {
-			backend = "http://192.168.80.1:5006";
-			extraBefore = ''
-				tls internal
-			'';
-		};
+		# .box domains now automatically get "tls internal"
+		"home.box"              = "http://192.168.1.63:3000";
+		"budget.box"            = "http://192.168.80.1:5006";
+		"torrent.box"           = "http://192.168.1.65:8080";
+		"books.box"             = "http://192.168.80.4:8010";
 	};
 
-	# Turn strings into { backend = "..."; }
-	normalizedSites = lib.mapAttrs (_: v: if lib.isString v then { backend = v; } else v) sites;
+	# Normalize sites:
+	# 1. Turn strings into { backend = "..."; }.
+	# 2. Automatically prepend `tls internal` for any domain ending in .box.
+	normalizedSites = lib.mapAttrs (domain: siteConfig:
+		let
+			# Ensure siteConfig is an attrset.
+			baseConfig = if lib.isString siteConfig then { backend = siteConfig; } else siteConfig;
+			# Check if it's a .box domain.
+			isBoxDomain = lib.hasSuffix ".box" domain;
+		in
+			if isBoxDomain then
+				baseConfig // {
+					extraBefore = ''
+						tls internal
+						${lib.optionalString (baseConfig ? extraBefore) baseConfig.extraBefore}
+					'';
+				}
+			else
+				baseConfig
+	) sites;
 
-	# Render each vhost
+	# Render each vhost from its config.
 	mkVHost = cfg: {
 		extraConfig = ''
 			${lib.optionalString (cfg ? extraBefore) cfg.extraBefore}
@@ -39,6 +55,6 @@ in
 {
 	services.caddy = {
 		enable = true;
-		virtualHosts = lib.mapAttrs (_domain: cfg: mkVHost cfg) normalizedSites;
+		virtualHosts = lib.mapAttrs (_: cfg: mkVHost cfg) normalizedSites;
 	};
 }