From d3dbe02b018e68adfaad236d366b0e9ffcf25314 Mon Sep 17 00:00:00 2001
From: SebastianStork <sebastian.stork@pm.me>
Date: Mon, 3 Nov 2025 23:35:10 +0100
Subject: [PATCH] caddy: Only install tailscale plugin when tailscale hosts
 exist

---
 modules/system/services/caddy.nix | 22 ++++++++++++----------
 1 file changed, 12 insertions(+), 10 deletions(-)

diff --git a/modules/system/services/caddy.nix b/modules/system/services/caddy.nix
index 0e72cc8..9e16a1d 100644
--- a/modules/system/services/caddy.nix
+++ b/modules/system/services/caddy.nix
@@ -70,10 +70,6 @@ in
 
         services.caddy = {
           enable = true;
-          package = pkgs.caddy.withPlugins {
-            plugins = [ "github.com/tailscale/caddy-tailscale@v0.0.0-20250508175905-642f61fea3cc" ];
-            hash = "sha256-bw2ZH+XTQlyYw5LgkVr+oEeL8Nf4j/KO2XQIUrsVpiU=";
-          };
           enableReload = false;
           globalConfig = ''
             admin off
@@ -97,12 +93,18 @@ in
           restartUnits = [ "caddy.service" ];
         };
 
-        services.caddy.globalConfig = ''
-          tailscale {
-            auth_key {file.${config.sops.secrets."tailscale/service-auth-key".path}}
-            ephemeral true
-          }
-        '';
+        services.caddy = {
+          package = pkgs.caddy.withPlugins {
+            plugins = [ "github.com/tailscale/caddy-tailscale@v0.0.0-20250508175905-642f61fea3cc" ];
+            hash = "sha256-bw2ZH+XTQlyYw5LgkVr+oEeL8Nf4j/KO2XQIUrsVpiU=";
+          };
+          globalConfig = ''
+            tailscale {
+              auth_key {file.${config.sops.secrets."tailscale/service-auth-key".path}}
+              ephemeral true
+            }
+          '';
+        };
       })
     ]
   );