nix-stuff/roles/server/caddy.nix

{config, ...}: let
  manualHostname = "manual.everest.tailscale";
in {
  services.caddy = {
    enable = true;
    globalConfig = ''
      pki {
        ca local {
          name "Caddy (Everest) local CA"
        }
      }
    '';
    extraConfig = ''
      (tailscale) {
        tls internal
        bind 100.73.96.48
      }
    '';
    virtualHosts.nixos-manual = {
      hostName = manualHostname;
      extraConfig = ''
        import tailscale
        file_server
        root * ${config.system.build.manual.manualHTML}/share/doc/nixos
      '';
    };
  };
  services.dnsmasq.settings.cname = ["${manualHostname},everest"];
}