nix(caddy): use wildcards+ switch to njalla

nix/hosts/loki/modules/caddy.nix

@@ -47,6 +47,7 @@ in {
   sops.secrets = {
     "caddy/njallaApiKey".restartUnits = [svc];
     "caddy/email".restartUnits = [svc];
+    "desecToken".restartUnits = [svc];
   };
 
   sops.templates.caddyPls = {
@@ -54,12 +55,17 @@ in {
     content = ''
       (tlsCommon) {
         tls {
-          dns njalla ${p."caddy/njallaApiKey"}
+          # dns njalla ${p."caddy/njallaApiKey"}
+          dns desec {
+            token ${p.desecToken}
+          }
           # propagation_timeout 1m
-          propagation_timeout -1
+          propagation_timeout 2m
+          # propagation_timeout -1
           curves x25519
           key_type p384
           protocols tls1.2 tls1.3
+          # resolvers 8.8.8.8
         }
       }
 
@@ -101,7 +107,10 @@ in {
 
       {
         admin off
-        acme_dns njalla ${p."caddy/njallaApiKey"}
+        # acme_dns njalla ${p."caddy/njallaApiKey"}
+        acme_dns desec {
+          token ${p.desecToken}
+        }
         email ${p."caddy/email"}
         grace_period 60s
 
@@ -111,7 +120,10 @@ in {
         }
       }
 
-      auth.${domain} {
+      *.${domain}, ${domain} {
+      @authentik host auth.${domain}
+      handle @authentik {
+      # auth.${domain} {
         encode zstd br
         log {
           level INFO
@@ -128,7 +140,9 @@ in {
         import headersCommon
       }
 
-      whoami.${domain} {
+      @whoami host whoami.${domain}
+      handle @whoami {
+      # whoami.${domain} {
         encode zstd br
         log {
           level INFO
@@ -141,7 +155,9 @@ in {
         respond "I am whoami"
       }
 
-      gonic.${domain} {
+      @gonic host gonic.${domain}
+      handle @gonic {
+      # gonic.${domain} {
         encode zstd br
         log {
           level INFO
@@ -153,7 +169,9 @@ in {
         reverse_proxy localhost:4747
       }
 
-      ffsync.${domain} {
+      @ffsync host ffsync.${domain}
+      handle @ffsync {
+      # ffsync.${domain} {
         encode zstd br
         log {
           level INFO
@@ -166,7 +184,9 @@ in {
       }
 
       # attic - nix cache.
-      cache.${domain} nixcache.${domain} {
+      @cache host cache.${domain} nixcache.${domain}
+      handle @cache {
+      # cache.${domain} nixcache.${domain} {
         encode zstd br
         log {
           level INFO
@@ -179,7 +199,9 @@ in {
       }
 
       # uptime kuma
-      uptime.${domain} {
+      @uptime host uptime.${domain}
+      handle @uptime {
+      # uptime.${domain} {
         encode zstd br
         log {
           level INFO
@@ -190,6 +212,27 @@ in {
         # import authentik
         reverse_proxy localhost:3001
       }
+
+      # nextcloud
+      @cloud host cloud.${domain}
+      handle @cloud {
+      # cloud.${domain} {
+        encode zstd br
+        log {
+          level INFO
+        }
+
+        import tlsCommon
+        import headersCommon
+        # import authentik
+        reverse_proxy localhost:8078 {
+          transport http {
+            tls
+            tls_insecure_skip_verify
+          }
+        }
+      }
+      }
     '';
   };
 }