From a4c3e2a8296d8bdbd621efcf79e2cce54f8ef346 Mon Sep 17 00:00:00 2001
From: SebastianStork <sebastian.stork@pm.me>
Date: Sat, 14 Jun 2025 01:03:43 +0200
Subject: [PATCH] Disable caddy's admin api endpoint

---
 modules/system/services/caddy.nix | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/modules/system/services/caddy.nix b/modules/system/services/caddy.nix
index a0c377c..1d87b8f 100644
--- a/modules/system/services/caddy.nix
+++ b/modules/system/services/caddy.nix
@@ -59,6 +59,7 @@ in
       {
         services.caddy = {
           enable = true;
+          enableReload = false;
           virtualHosts =
             virtualHosts
             |> lib.mapAttrs' (
@@ -79,6 +80,8 @@ in
           package = caddyWithTailscale;
           enableReload = false;
           globalConfig = ''
+            admin off
+
             tailscale {
               auth_key {file.${config.sops.secrets."service-tailscale-auth-key".path}}
             }