From 2b1e9119dcd977e89960d044fb5a522002575240 Mon Sep 17 00:00:00 2001
From: Alexander Wainwright
Date: Tue, 30 Sep 2025 21:37:07 +1000
Subject: [PATCH 1/3] Add some labels
---
 hosts/alt/configuration.nix | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/hosts/alt/configuration.nix b/hosts/alt/configuration.nix
index 99f2ff8..f40b7f4 100644
--- a/hosts/alt/configuration.nix
+++ b/hosts/alt/configuration.nix
@@ -23,11 +23,12 @@ networking.firewall.allowedTCPPorts = [ 80 443 # caddy
 8000
- 8010
- 8080
+ 8001
+ 8010 # audio bookshelf
+ 8080 # file browser
 8234 # shiori (non-standard)
 9117
- 8191
+ 8191 # flaresolverr
 ];
 networking.hostName = "alt"; # Define your hostname.
From 8e949f9a0fd8670e6e7d847db0badfc646bfa046 Mon Sep 17 00:00:00 2001
From: Alexander Wainwright
Date: Mon, 13 Oct 2025 21:14:32 +1000
Subject: [PATCH 2/3] Refactor caddy and add hosts
---
 hosts/alt/caddy.nix | 38 +++++++++++++++++++++++++++-----------
 1 file changed, 27 insertions(+), 11 deletions(-)
diff --git a/hosts/alt/caddy.nix b/hosts/alt/caddy.nix
index 4d03e97..6aef62f 100644
--- a/hosts/alt/caddy.nix
+++ b/hosts/alt/caddy.nix
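Review bot: In hosts/alt/configuration.nix the added entry `8001` opens a further TCP port in `networking.firewall.allowedTCPPorts`, although the commit is titled as a labelling change, and it is the one added line that carries no label (`8000` and `9117` are still unlabelled too). Entries in this list are accepted on every interface, and caddy.nix later in this series appears to front services on some of the same port numbers (`8010`, `8080`) through 443. If those services are meant to be reached through Caddy only, the direct ports could be dropped or moved under `networking.firewall.interfaces.<name>.allowedTCPPorts`. At minimum, name the service on the new line, e.g. `8001 # <service name>`. The attribute set that holds the list starts and ends outside the hunk.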
@@ -15,19 +15,35 @@ let
 "ha.figtree.dev" = "http://192.168.1.50:8123";
 # "budget.figtree.dev" = "http://192.168.80.1:5006";
- # Only this one needs extra top-level Caddyfile lines:
- "budget.box" = {
- backend = "http://192.168.80.1:5006";
- extraBefore = ''
- tls internal
- '';
- };
+ # .box domains now automatically get "tls internal"
+ "home.box" = "http://192.168.1.63:3000";
+ "budget.box" = "http://192.168.80.1:5006";
+ "torrent.box" = "http://192.168.1.65:8080";
+ "books.box" = "http://192.168.80.4:8010";
 };
- # Turn strings into { backend = "..."; }
- normalizedSites = lib.mapAttrs (_: v: if lib.isString v then { backend = v; } else v) sites;
+ # Normalize sites:
+ # 1. Turn strings into { backend = "..."; }.
+ # 2. Automatically prepend `tls internal` for any domain ending in .box.
+ normalizedSites = lib.mapAttrs (domain: siteConfig:
+ let
+ # Ensure siteConfig is an attrset.
+ baseConfig = if lib.isString siteConfig then { backend = siteConfig; } else siteConfig;
+ # Check if it's a .box domain.
+ isBoxDomain = lib.hasSuffix ".box" domain;
+ in
+ if isBoxDomain then
+ baseConfig // {
+ extraBefore = ''
+ tls internal
+ ${lib.optionalString (baseConfig ? extraBefore) baseConfig.extraBefore}
+ '';
+ }
+ else
+ baseConfig
+ ) sites;
- # Render each vhost
+ # Render each vhost from its config.
 mkVHost = cfg: {
 extraConfig = ''
 ${lib.optionalString (cfg ? extraBefore) cfg.extraBefore}
@@ -39,6 +55,6 @@ in {
 services.caddy = {
 enable = true;
- virtualHosts = lib.mapAttrs (_domain: cfg: mkVHost cfg) normalizedSites;
+ virtualHosts = lib.mapAttrs (_: cfg: mkVHost cfg) normalizedSites;
 };
 }
From f3e680e906e53dd74066dae6c1ac191f95f374e0 Mon Sep 17 00:00:00 2001
From: Alexander Wainwright
Date: Mon, 13 Oct 2025 23:03:28 +1000
Subject: [PATCH 3/3] Update lock file
---
 flake.lock | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/flake.lock b/flake.lock
index 6e5ad3b..d25562a 100644
--- a/flake.lock
+++ b/flake.lock
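Review bot: In hosts/alt/caddy.nix the new `isBoxDomain` rule treats `.box` as a private suffix, but `.box` is a delegated public TLD. The names added to `sites` (`home.box`, `budget.box`, `torrent.box`, `books.box`) are therefore only internal while every client resolves them through the local DNS; a client that falls back to a public resolver could be sent to an unrelated host. A suffix reserved for private use, such as `home.arpa` (RFC 8375) or `.internal`, avoids that collision, and `lib.hasSuffix` would then test that suffix instead. The check also runs on the whole attribute key, so a key written with a port or with several addresses would miss `tls internal` and fall back to Caddy's default certificate handling; a comment above `isBoxDomain` such as `# Matches the literal key suffix only; keys with a port or several hosts are not detected.` would record that. The `let` block holding `sites` starts outside the hunk.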
@@ -25,11 +25,11 @@ ] }, "locked": { - "lastModified": 1753592768, - "narHash": "sha256-oV695RvbAE4+R9pcsT9shmp6zE/+IZe6evHWX63f2Qg=", + "lastModified": 1758463745, + "narHash": "sha256-uhzsV0Q0I9j2y/rfweWeGif5AWe0MGrgZ/3TjpDYdGA=", "owner": "nix-community", "repo": "home-manager", - "rev": "fc3add429f21450359369af74c2375cb34a2d204", + "rev": "3b955f5f0a942f9f60cdc9cacb7844335d0f21c3", "type": "github" }, "original": { @@ -76,11 +76,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1755078291, - "narHash": "sha256-Hu/gTDoi4uy6TAKISPHQusSMy8U6xUbLSDjKBYdhDIY=", + "lastModified": 1760139962, + "narHash": "sha256-4xggC56Rub3WInz5eD7EZWXuLXpNvJiUPahGtMkwtuc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "3385ca0cd7e14c1a1eb80401fe011705ff012323", + "rev": "7e297ddff44a3cc93673bb38d0374df8d0ad73e4", "type": "github" }, "original": {