From f62a61275841aa8aea1d755087327f5c0761da9e Mon Sep 17 00:00:00 2001
From: Chris Toph
Date: Sat, 14 Jun 2025 01:18:26 -0400
Subject: [PATCH] Replace Caddy with Newt service config
- Remove Caddy config files for multiple hosts
- Add Newt service configuration to cloud, komo, and sock
---
hosts/x86/cloud/config/caddy.nix | 20 ------
hosts/x86/cloud/config/newt.nix | 7 ++
hosts/x86/cloud/default.nix | 1 -
hosts/x86/komo/config/caddy.nix | 119 -------------------------------
hosts/x86/komo/config/newt.nix | 8 +++
hosts/x86/sock/config/caddy.nix | 20 ------
hosts/x86/sock/config/newt.nix | 7 ++
hosts/x86/sock/default.nix | 1 -
8 files changed, 22 insertions(+), 161 deletions(-)
delete mode 100644 hosts/x86/cloud/config/caddy.nix
create mode 100644 hosts/x86/cloud/config/newt.nix
delete mode 100644 hosts/x86/komo/config/caddy.nix
create mode 100644 hosts/x86/komo/config/newt.nix
delete mode 100644 hosts/x86/sock/config/caddy.nix
create mode 100644 hosts/x86/sock/config/newt.nix
diff --git a/hosts/x86/cloud/config/caddy.nix b/hosts/x86/cloud/config/caddy.nix
deleted file mode 100644
index 6794020..0000000
--- a/hosts/x86/cloud/config/caddy.nix
+++ /dev/null
@@ -1,20 +0,0 @@
-{
- services.caddy = {
- enable = true;
- virtualHosts = {
- ## Filerun ##
- "drive.ryot.foo" = {
- useACMEHost = "ryot.foo";
- extraConfig = ''
- reverse_proxy http://localhost:8181 {
- header_up Host {host}
- # header_up X-Forwarded-For {remote}
- # header_up X-Forwarded-Proto {scheme}
- # header_up X-Forwarded-Protocol {scheme}
- # header_up X-Forwarded-Port {server_port}
- }
- '';
- };
- };
- };
-}
diff --git a/hosts/x86/cloud/config/newt.nix b/hosts/x86/cloud/config/newt.nix
new file mode 100644
index 0000000..dec999f
--- /dev/null
+++ b/hosts/x86/cloud/config/newt.nix
@@ -0,0 +1,7 @@
+{
+ services.newt = {
+ enable = true;
+ id = "v0d4o5oras85zq8";
+ secret = "zyqht58kymdv4iij6t4no4ldnr7djg7wbfec95olnsg8jzf2";
+ };
+}
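Review bot: The `secret = "…";` line in the new hosts/x86/cloud/config/newt.nix commits the tunnel client credential as a plaintext literal, and the same applies to the `secret` lines in hosts/x86/komo/config/newt.nix and hosts/x86/sock/config/newt.nix later in this patch. A string option value written this way is also normally copied into the world-readable Nix store on each host, so keeping the repository private does not contain it. Since the values are now in git history, all three id/secret pairs should be treated as exposed and rotated on the tunnel server rather than only removed in a follow-up commit. The `services.newt` module is not shown here; if it can accept a file path, I would replace the literal with a reference to a runtime-provisioned secret (sops-nix or agenix, for instance `config.sops.secrets."<NEWT_SECRET_NAME>".path`, with the name a placeholder). If it cannot, I would add a path-based option to the module before merging.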
diff --git a/hosts/x86/cloud/default.nix b/hosts/x86/cloud/default.nix index 867e5c8..08bf9f6 100644 --- a/hosts/x86/cloud/default.nix +++ b/hosts/x86/cloud/default.nix @@ -31,7 +31,6 @@ in "hosts/global/core" ## Optional Configs ## - "hosts/global/common/acme" "hosts/global/common/docker.nix" ]) ]; diff --git a/hosts/x86/komo/config/caddy.nix b/hosts/x86/komo/config/caddy.nix deleted file mode 100644 index 088356d..0000000 --- a/hosts/x86/komo/config/caddy.nix +++ /dev/null 
@@ -1,119 +0,0 @@ -{ - services.caddy = { - enable = true; - virtualHosts = { - - ## TOPH.CC ## - - "blog.toph.cc" = { - useACMEHost = "toph.cc"; - extraConfig = '' - reverse_proxy localhost:2368 - ''; - }; - - ## RYOT.FOO ## - - "auth.ryot.foo" = { - useACMEHost = "ryot.foo"; - extraConfig = '' - reverse_proxy localhost:9000 { - header_up Host {host} - header_up X-Forwarded-For {remote} - header_up X-Forwarded-Proto {scheme} - header_up X-Forwarded-Protocol {scheme} - header_up X-Forwarded-Port {server_port} - } - ''; - }; - - "frp.ryot.foo" = { - useACMEHost = "ryot.foo"; - extraConfig = '' - route { - # 1) Proxy all outpost requests back to Authentik - reverse_proxy /outpost.goauthentik.io/* localhost:9000 - - # 2) Protect everything else via forward_auth - forward_auth localhost:9000 { - uri /outpost.goauthentik.io/auth/caddy - # copy user info headers from Authentik - copy_headers X-Authentik-Username X-Authentik-Groups \ - X-Authentik-Entitlements X-Authentik-Email \ - X-Authentik-Name X-Authentik-Uid \ - X-Authentik-Jwt X-Authentik-Meta-Jwks \ - X-Authentik-Meta-Outpost X-Authentik-Meta-Provider \ - X-Authentik-Meta-App X-Authentik-Meta-Version - trusted_proxies private_ranges - } - - # 3) If authenticated, proxy to your FRP UI - reverse_proxy localhost:4041 { - header_up Host {host} - header_up X-Real-IP {remote} - header_up X-Forwarded-For {remote} - header_up X-Forwarded-Proto {scheme} - header_up X-Forwarded-Port {server_port} - } - } - ''; - }; - - "grafana.ryot.foo" = { - useACMEHost = "ryot.foo"; - extraConfig = '' - reverse_proxy localhost:3001 - ''; - }; - - "git.ryot.foo" = { - useACMEHost = "ryot.foo"; - extraConfig = '' - reverse_proxy localhost:3003 - ''; - }; - - "influx.ryot.foo" = { - useACMEHost = "ryot.foo"; - extraConfig = '' - reverse_proxy localhost:8086 - ''; - }; - - "home.ryot.foo" = { - useACMEHost = "ryot.foo"; - extraConfig = '' - reverse_proxy localhost:7475 - ''; - }; - - "komodo.ryot.foo" = { - useACMEHost = "ryot.foo"; - 
extraConfig = '' - reverse_proxy localhost:9120 - ''; - }; - - "map.ryot.foo" = { - useACMEHost = "ryot.foo"; - extraConfig = '' - reverse_proxy localhost:25566 - ''; - }; - - "outline.ryot.foo" = { - useACMEHost = "ryot.foo"; - extraConfig = '' - reverse_proxy localhost:3480 - ''; - }; - - "plane.ryot.foo" = { - useACMEHost = "ryot.foo"; - extraConfig = '' - reverse_proxy localhost:3000 - ''; - }; - }; - }; -} diff --git a/hosts/x86/komo/config/newt.nix b/hosts/x86/komo/config/newt.nix new file mode 100644 index 0000000..6966dca --- /dev/null +++ b/hosts/x86/komo/config/newt.nix @@ -0,0 +1,8 @@ +{ + services.newt = { + enable = true; + id = "7o2m62kaxpoi5pb"; + secret = "t97xvz0itdkga6jr8x88oddxijzs73yslpsunlvyqu9xiyys"; + useHostNetwork = true; + }; +} diff --git a/hosts/x86/sock/config/caddy.nix b/hosts/x86/sock/config/caddy.nix deleted file mode 100644 index f5b32b6..0000000 --- a/hosts/x86/sock/config/caddy.nix +++ /dev/null @@ -1,20 +0,0 @@ -{ - services.caddy = { - enable = true; - virtualHosts = { - "upsnap.ryot.foo" = { - useACMEHost = "ryot.foo"; - extraConfig = '' - reverse_proxy localhost:8090 - ''; - }; - - "sock.ryot.foo" = { - useACMEHost = "ryot.foo"; - extraConfig = '' - reverse_proxy localhost:9120 - ''; - }; - }; - }; -} diff --git a/hosts/x86/sock/config/newt.nix b/hosts/x86/sock/config/newt.nix new file mode 100644 index 0000000..e92ca99 --- /dev/null +++ b/hosts/x86/sock/config/newt.nix @@ -0,0 +1,7 @@ +{ + services.newt = { + enable = true; + id = "3p15lzqz0ep9f46"; + secret = "8uz056bzh22vuemtsxda31ibiu7jkqmyn1b7bifbqk38nlm4"; + }; +} diff --git a/hosts/x86/sock/default.nix b/hosts/x86/sock/default.nix index 00476fc..f55d382 100644 --- a/hosts/x86/sock/default.nix +++ b/hosts/x86/sock/default.nix @@ -31,7 +31,6 @@ in "hosts/global/core" ## Optional Configs ## - "hosts/global/common/acme" "hosts/global/common/docker.nix" ]) ];
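Review bot: `useHostNetwork = true;` in the new hosts/x86/komo/config/newt.nix is set on this host only and carries no comment saying why. Assuming it puts the tunnel client in the host network namespace, the client can reach every loopback-bound service on komo, not just the ones Caddy used to publish. The Caddy file deleted in this commit placed `forward_auth localhost:9000` in front of the FRP UI on port 4041, and nothing in the new file carries an equivalent check. That gate now depends entirely on how resources are defined on the tunnel server, which this commit does not show. I would add a comment above the option, for example `# host networking: tunnel can reach localhost services; auth is enforced per resource on the tunnel server`, and confirm that the FRP UI resource still requires authentication before this is deployed.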