From db0569680eca030c7ad0874248fcfd3035d39ffa Mon Sep 17 00:00:00 2001
From: SebastianStork <sebastian.stork@pm.me>
Date: Wed, 27 Aug 2025 21:08:17 +0200
Subject: [PATCH] caddy: Replace option `protocol` with `tls`

---
 hosts/srv-external/default.nix    | 23 ++++++++++++-----------
 modules/system/services/caddy.nix | 14 +++++++-------
 2 files changed, 19 insertions(+), 18 deletions(-)

diff --git a/hosts/srv-external/default.nix b/hosts/srv-external/default.nix
index caf2610..9f330ac 100644
--- a/hosts/srv-external/default.nix
+++ b/hosts/srv-external/default.nix
@@ -32,6 +32,13 @@
         ];
       };
 
+      forgejo = {
+        enable = true;
+        doBackups = true;
+        domain = "git.sstork.dev";
+        ssh.enable = true;
+      };
+
       hedgedoc = {
         enable = true;
         doBackups = true;
@@ -43,31 +50,25 @@
         domain = "tools.sprouted.cloud";
       };
 
-      forgejo = {
-        enable = true;
-        doBackups = true;
-        domain = "git.sstork.dev";
-        ssh.enable = true;
-      };
-
       openspeedtest = {
         enable = true;
         domain = "speedtest.sprouted.cloud";
       };
 
       caddy.virtualHosts = {
+        forgejo = {
+          inherit (config.custom.services.forgejo) domain port;
+        };
         hedgedoc = {
           inherit (config.custom.services.hedgedoc) domain port;
         };
         it-tools = {
           inherit (config.custom.services.it-tools) domain port;
         };
-        forgejo = {
-          inherit (config.custom.services.forgejo) domain port;
-        };
         openspeedtest = {
           inherit (config.custom.services.openspeedtest) domain port;
-          protocol = "http";
+          tls = false;
+          
           extraReverseProxyConfig = ''
             request_buffers 35MiB
             response_buffers 35MiB
diff --git a/modules/system/services/caddy.nix b/modules/system/services/caddy.nix
index 4057801..ee87d4d 100644
--- a/modules/system/services/caddy.nix
+++ b/modules/system/services/caddy.nix
@@ -63,12 +63,9 @@ in
               type = lib.types.port;
               default = null;
             };
-            protocol = lib.mkOption {
-              type = lib.types.enum [
-                "https"
-                "http"
-              ];
-              default = "https";
+            tls = lib.mkOption {
+              type = lib.types.bool;
+              default = true;
             };
             extraReverseProxyConfig = lib.mkOption {
               type = lib.types.lines;
@@ -95,7 +92,10 @@ in
           virtualHosts =
             virtualHosts
             |> lib.mapAttrs' (
-              _: value: lib.nameValuePair "${value.protocol}://${value.domain}" (mkVirtualHostConfig value)
+              _: value:
+              lib.nameValuePair (lib.optionalString (!value.tls) "http://" + value.domain) (
+                mkVirtualHostConfig value
+              )
             );
         };
       }