website: caddy cloudflare package

modules/nixos/server/services/website/default.nix

@@ -15,7 +15,10 @@
   };
 in {
   config = mkIf (elem "website" services) {
-    ooknet.server.webserver.caddy.enable = true;
+    ooknet.server.webserver.caddy = {
+      enable = true;
+      cloudflare.enable = true;
+    };
     systemd.tmpfiles.settings.websiteDirs = {
       "/var/www"."d" = websitePermissions;
       "/var/www/ooknet.org"."d" = websitePermissions;
@@ -45,29 +48,31 @@ in {
     };
 
     # using caddy because it makes my life easy
-    services.caddy.virtualHosts = {
-      "ooknet.org".extraConfig =
-        # sh
-        ''
-          encode zstd gzip
+    services.caddy = {
+      virtualHosts = {
+        "ooknet.org".extraConfig =
+          # sh
+          ''
+            encode zstd gzip
 
-          header {
-            Strict-Transport-Security "max-age=31536000;"
-            X-XSS-Protection "1; mode=block"
-            X-Frame-Options "DENY"
-            X-Content-Type-Options "nosniff"
-            -Server
+            header {
+              Strict-Transport-Security "max-age=31536000;"
+              X-XSS-Protection "1; mode=block"
+              X-Frame-Options "DENY"
+              X-Content-Type-Options "nosniff"
+              -Server
 
 
-            Referrer-Policy: no-referrer
-          }
+              Referrer-Policy "no-referrer"
+            }
 
-          root * /var/www/ooknet.org/
-          file_server
+            root * /var/www/ooknet.org/
+            file_server
+          '';
+        "www.ooknet.org".extraConfig = ''
+          redir https://ooknet.org{uri} permanent
         '';
-      "www.ooknet.org".extraConfig = ''
-        redir https://ooknet.org{uri}
-      '';
+      };
     };
   };
 }