task | config w1 to run caddy

hosts/server/default.nix

@@ -159,6 +159,7 @@ in {
     nix-bash-completions
     nixfmt
     pkg-config
+    podman
     poppler_utils
     ruby
     sops

hosts/w1/caddy/Caddyfile

@@ -0,0 +1,84 @@
+w1.duckland.org {
+	tls duck@duckland.org
+	root * /srv/duckland
+	encode gzip
+	file_server
+	header / {
+		Content-Security-Policy = "upgrade-insecure-requests; default-src 'self'; style-src 'self'; script-src 'self'; img-src 'self'; object-src 'self'; worker-src 'self'; manifest-src 'self';"
+		Strict-Transport-Security = "max-age=63072000; includeSubDomains; preload"
+		X-Xss-Protection = "1; mode=block"
+		X-Frame-Options = "DENY"
+		X-Content-Type-Options = "nosniff"
+		Referrer-Policy = "strict-origin-when-cross-origin"
+		Permissions-Policy = "fullscreen=(self)"
+		cache-control = "max-age=0,no-cache,no-store,must-revalidate"
+	}
+}
+
+w1.donharper.org {
+	tls duck@duckland.org
+	root * /srv/donharper
+	encode gzip
+	file_server
+	header / {
+		Content-Security-Policy = "upgrade-insecure-requests; default-src 'self'; style-src 'self'; script-src 'self'; img-src 'self'; object-src 'self'; worker-src 'self'; manifest-src 'self';"
+		Strict-Transport-Security = "max-age=63072000; includeSubDomains; preload"
+		X-Xss-Protection = "1; mode=block"
+		X-Frame-Options = "DENY"
+		X-Content-Type-Options = "nosniff"
+		Referrer-Policy = "strict-origin-when-cross-origin"
+		Permissions-Policy = "fullscreen=(self)"
+		cache-control = "max-age=0,no-cache,no-store,must-revalidate"
+	}
+}
+
+w1.donaldharper.com {
+	tls duck@duckland.org
+	root * /srv/donaldharper
+	encode gzip
+	file_server
+	header / {
+		Content-Security-Policy = "upgrade-insecure-requests; default-src 'self'; style-src 'self'; script-src 'self'; img-src 'self'; object-src 'self'; worker-src 'self'; manifest-src 'self';"
+		Strict-Transport-Security = "max-age=63072000; includeSubDomains; preload"
+		X-Xss-Protection = "1; mode=block"
+		X-Frame-Options = "DENY"
+		X-Content-Type-Options = "nosniff"
+		Referrer-Policy = "strict-origin-when-cross-origin"
+		Permissions-Policy = "fullscreen=(self)"
+		cache-control = "max-age=0,no-cache,no-store,must-revalidate"
+	}
+}
+
+travel.donaldharper.com {
+	tls duck@duckland.org
+	root * /srv/travel
+	encode gzip
+	file_server
+	header / {
+		Content-Security-Policy = "upgrade-insecure-requests; default-src 'self'; style-src 'self'; script-src 'self'; img-src 'self'; object-src 'self'; worker-src 'self'; manifest-src 'self';"
+		Strict-Transport-Security = "max-age=63072000; includeSubDomains; preload"
+		X-Xss-Protection = "1; mode=block"
+		X-Frame-Options = "DENY"
+		X-Content-Type-Options = "nosniff"
+		Referrer-Policy = "strict-origin-when-cross-origin"
+		Permissions-Policy = "fullscreen=(self)"
+		cache-control = "max-age=0,no-cache,no-store,must-revalidate"
+	}
+}
+
+p365.donaldharper.com {
+	tls duck@duckland.org
+	root * /srv/p365
+	encode gzip
+	file_server
+	header / {
+		Content-Security-Policy = "upgrade-insecure-requests; default-src 'self'; style-src 'self'; script-src 'self'; img-src 'self'; object-src 'self'; worker-src 'self'; manifest-src 'self';"
+		Strict-Transport-Security = "max-age=63072000; includeSubDomains; preload"
+		X-Xss-Protection = "1; mode=block"
+		X-Frame-Options = "DENY"
+		X-Content-Type-Options = "nosniff"
+		Referrer-Policy = "strict-origin-when-cross-origin"
+		Permissions-Policy = "fullscreen=(self)"
+		cache-control = "max-age=0,no-cache,no-store,must-revalidate"
+	}
+}

hosts/w1/caddy/data/acme/acme-v02.api.letsencrypt.org-directory/users/duck@duckland.org/duck.json

@@ -0,0 +1,9 @@
+{
+	"status": "valid",
+	"contact": [
+		"mailto:duck@duckland.org"
+	],
+	"termsOfServiceAgreed": true,
+	"orders": "",
+	"location": "https://acme-v02.api.letsencrypt.org/acme/acct/1889063386"
+}

hosts/w1/caddy/data/acme/acme-v02.api.letsencrypt.org-directory/users/duck@duckland.org/duck.key

@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIIlW508VCo9g2ry0ZctG4v45Lno7V2lvZvaDkTXn3JFPoAoGCCqGSM49
+AwEHoUQDQgAEaGMseDmCsS4C/Ka5A/F3diaWkr+PoOuw6H3nEzdU/F2zA4zIO2c1
+CqIVVzAnjC16N/lfZGe8t52KX4waKICrZg==
+-----END EC PRIVATE KEY-----

hosts/w1/caddy/data/certificates/acme-v02.api.letsencrypt.org-directory/p365.donaldharper.com/p365.donaldharper.com.crt

@@ -0,0 +1,48 @@
+-----BEGIN CERTIFICATE-----
+MIIDijCCAxCgAwIBAgISA9AhiM16asrfpZIUmj/tzKp8MAoGCCqGSM49BAMDMDIx
+CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJF
+NjAeFw0yNDEyMTAwMTAwNTNaFw0yNTAzMTAwMTAwNTJaMCAxHjAcBgNVBAMTFXAz
+NjUuZG9uYWxkaGFycGVyLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABNWS
+1VHfp3F7+crfQK4lpoAwntU3Lhs3TxetipHHQfk/roFHluEdjo5lm1OXcA2QojRh
+qbehDd6h8UguY72Ts7CjggIWMIICEjAOBgNVHQ8BAf8EBAMCB4AwHQYDVR0lBBYw
+FAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFPv4
+Idl1KymM8yvZzlIK+ma9NVfFMB8GA1UdIwQYMBaAFJMnRpgDqVFojpjWxEJI2yO/
+WJTSMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYVaHR0cDovL2U2Lm8ubGVu
+Y3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vZTYuaS5sZW5jci5vcmcvMCAGA1Ud
+EQQZMBeCFXAzNjUuZG9uYWxkaGFycGVyLmNvbTATBgNVHSAEDDAKMAgGBmeBDAEC
+ATCCAQMGCisGAQQB1nkCBAIEgfQEgfEA7wB2AHMgIg8IFor588SmiwqyappKAO71
+d4WKCE0FANSlQkRZAAABk65K4SYAAAQDAEcwRQIhAO7+AAp91RRrB8lmjIRAJonN
+EEZyqrQhWs0mxnA8QP0ZAiBDv3Ho0slivZ2f6VNl9VkHjq7RiQ9dH328LnIl2vvB
+mwB1AKLjCuRF772tm3447Udnd1PXgluElNcrXhssxLlQpEfnAAABk65K4SUAAAQD
+AEYwRAIgMyzTNdujxAMGoCCcJ4Ed2WhJSZx4YDYqX6p/MZHPF2UCIEioRkKrPKNn
+1cpl5Z4lS3VtG0GjdhtEq9afVuxQvsWUMAoGCCqGSM49BAMDA2gAMGUCMGs6iyFq
+h0jGjOuEzrjOd5KxKYdGyrDiNYlxAjVnOGyDEtAHEyMg6R8qo+8sZ3PS1wIxAJbD
+l+KnzG7smHrakPH4WI32dTD15kvuLjA/lPy6Co4IRrGYGYGU/PCAjGdNv+yP4g==
+-----END CERTIFICATE-----
+
+-----BEGIN CERTIFICATE-----
+MIIEVzCCAj+gAwIBAgIRALBXPpFzlydw27SHyzpFKzgwDQYJKoZIhvcNAQELBQAw
+TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
+cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjQwMzEzMDAwMDAw
+WhcNMjcwMzEyMjM1OTU5WjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg
+RW5jcnlwdDELMAkGA1UEAxMCRTYwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAATZ8Z5G
+h/ghcWCoJuuj+rnq2h25EqfUJtlRFLFhfHWWvyILOR/VvtEKRqotPEoJhC6+QJVV
+6RlAN2Z17TJOdwRJ+HB7wxjnzvdxEP6sdNgA1O1tHHMWMxCcOrLqbGL0vbijgfgw
+gfUwDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcD
+ATASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBSTJ0aYA6lRaI6Y1sRCSNsj
+v1iU0jAfBgNVHSMEGDAWgBR5tFnme7bl5AFzgAiIyBpY9umbbjAyBggrBgEFBQcB
+AQQmMCQwIgYIKwYBBQUHMAKGFmh0dHA6Ly94MS5pLmxlbmNyLm9yZy8wEwYDVR0g
+BAwwCjAIBgZngQwBAgEwJwYDVR0fBCAwHjAcoBqgGIYWaHR0cDovL3gxLmMubGVu
+Y3Iub3JnLzANBgkqhkiG9w0BAQsFAAOCAgEAfYt7SiA1sgWGCIpunk46r4AExIRc
+MxkKgUhNlrrv1B21hOaXN/5miE+LOTbrcmU/M9yvC6MVY730GNFoL8IhJ8j8vrOL
+pMY22OP6baS1k9YMrtDTlwJHoGby04ThTUeBDksS9RiuHvicZqBedQdIF65pZuhp
+eDcGBcLiYasQr/EO5gxxtLyTmgsHSOVSBcFOn9lgv7LECPq9i7mfH3mpxgrRKSxH
+pOoZ0KXMcB+hHuvlklHntvcI0mMMQ0mhYj6qtMFStkF1RpCG3IPdIwpVCQqu8GV7
+s8ubknRzs+3C/Bm19RFOoiPpDkwvyNfvmQ14XkyqqKK5oZ8zhD32kFRQkxa8uZSu
+h4aTImFxknu39waBxIRXE4jKxlAmQc4QjFZoq1KmQqQg0J/1JF8RlFvJas1VcjLv
+YlvUB2t6npO6oQjB3l+PNf0DpQH7iUx3Wz5AjQCi6L25FjyE06q6BZ/QlmtYdl/8
+ZYao4SRqPEs/6cAiF+Qf5zg2UkaWtDphl1LKMuTNLotvsX99HP69V2faNyegodQ0
+LyTApr/vT01YPE46vNsDLgK+4cL6TrzC/a4WcmF5SRJ938zrv/duJHLXQIku5v0+
+EwOy59Hdm0PT/Er/84dDV0CSjdR/2XuZM3kpysSKLgD1cKiDA+IRguODCxfO9cyY
+Ig46v9mFmBvyH04=
+-----END CERTIFICATE-----

hosts/w1/caddy/data/certificates/acme-v02.api.letsencrypt.org-directory/p365.donaldharper.com/p365.donaldharper.com.json

@@ -0,0 +1,18 @@
+{
+	"sans": [
+		"p365.donaldharper.com"
+	],
+	"issuer_data": {
+		"url": "https://acme-v02.api.letsencrypt.org/acme/cert/03d02188cd7a6acadfa592149a3fedccaa7c",
+		"ca": "https://acme-v02.api.letsencrypt.org/directory",
+		"renewal_info": {
+			"suggestedWindow": {
+				"start": "2025-02-07T01:20:22Z",
+				"end": "2025-02-09T01:20:22Z"
+			},
+			"_uniqueIdentifier": "kydGmAOpUWiOmNbEQkjbI79YlNI.A9AhiM16asrfpZIUmj_tzKp8",
+			"_retryAfter": "2024-12-26T08:30:19.198659209Z",
+			"_selectedTime": "2025-02-08T01:47:23Z"
+		}
+	}
+}

hosts/w1/caddy/data/certificates/acme-v02.api.letsencrypt.org-directory/p365.donaldharper.com/p365.donaldharper.com.key

@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEILtBFECtXZrLH/F6Arlk4NX7/uOeoGUfiCkJXhGiqGxtoAoGCCqGSM49
+AwEHoUQDQgAE1ZLVUd+ncXv5yt9AriWmgDCe1TcuGzdPF62KkcdB+T+ugUeW4R2O
+jmWbU5dwDZCiNGGpt6EN3qHxSC5jvZOzsA==
+-----END EC PRIVATE KEY-----

hosts/w1/caddy/data/certificates/acme-v02.api.letsencrypt.org-directory/travel.donaldharper.com/travel.donaldharper.com.crt

@@ -0,0 +1,49 @@
+-----BEGIN CERTIFICATE-----
+MIIDjjCCAxSgAwIBAgISA6cj2ogy1b1c/9HKJyFDAVgAMAoGCCqGSM49BAMDMDIx
+CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJF
+NjAeFw0yNDEyMTEwMDUwNTNaFw0yNTAzMTEwMDUwNTJaMCIxIDAeBgNVBAMTF3Ry
+YXZlbC5kb25hbGRoYXJwZXIuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE
+gUu8L7lOH3i3aUvnEdbkRYTC+OQBLVtXhp40mZBoUqHcDFAr7LQZf9K8cN2rKPJQ
+qvhu+9xa2Zybo/Dx98m4V6OCAhgwggIUMA4GA1UdDwEB/wQEAwIHgDAdBgNVHSUE
+FjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU
+JdWr7AwAb5+4OvILFf8ktQS5ZrEwHwYDVR0jBBgwFoAUkydGmAOpUWiOmNbEQkjb
+I79YlNIwVQYIKwYBBQUHAQEESTBHMCEGCCsGAQUFBzABhhVodHRwOi8vZTYuby5s
+ZW5jci5vcmcwIgYIKwYBBQUHMAKGFmh0dHA6Ly9lNi5pLmxlbmNyLm9yZy8wIgYD
+VR0RBBswGYIXdHJhdmVsLmRvbmFsZGhhcnBlci5jb20wEwYDVR0gBAwwCjAIBgZn
+gQwBAgEwggEDBgorBgEEAdZ5AgQCBIH0BIHxAO8AdgDehYHXUCR8a83Lr1Y3xeeB
+xkzkbtYXY5+PNKcmyeK9NwAAAZOzaBYyAAAEAwBHMEUCIQC9Rg9CyhIx0tpY/t0s
+Cf8zDNywoEDVUKKOzRcX53byEAIgFsvBUqKQwv/3zRpQUjrWGfe9W6/wGSU/u5gJ
+rhivzswAdQATSt8atZhCCXgMb+9MepGkFrcjSc5YV2rfrtqnwqvgIgAAAZOzaBb3
+AAAEAwBGMEQCIAFwHu8t1lIStGV4On/z3K5xUFlc4Nnca23szRrZPrRVAiBUzcLd
+o/DUEd/WmvD3GOFPoIss1xERfBM4LrPiHSbdLzAKBggqhkjOPQQDAwNoADBlAjEA
+ty1AOHFbXPGniJkt1HD7Xsnurb/5U4U0d3gCUlPA8tqrLEs+h5PuOAettlqQOVaL
+AjAWZZpwPF/Ecjg2EAxYCIlTbplpeoJqe3D6sc2W5JBfFLujPPLtsFMDJ/x6eZcz
+4Aw=
+-----END CERTIFICATE-----
+
+-----BEGIN CERTIFICATE-----
+MIIEVzCCAj+gAwIBAgIRALBXPpFzlydw27SHyzpFKzgwDQYJKoZIhvcNAQELBQAw
+TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
+cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjQwMzEzMDAwMDAw
+WhcNMjcwMzEyMjM1OTU5WjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg
+RW5jcnlwdDELMAkGA1UEAxMCRTYwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAATZ8Z5G
+h/ghcWCoJuuj+rnq2h25EqfUJtlRFLFhfHWWvyILOR/VvtEKRqotPEoJhC6+QJVV
+6RlAN2Z17TJOdwRJ+HB7wxjnzvdxEP6sdNgA1O1tHHMWMxCcOrLqbGL0vbijgfgw
+gfUwDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcD
+ATASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBSTJ0aYA6lRaI6Y1sRCSNsj
+v1iU0jAfBgNVHSMEGDAWgBR5tFnme7bl5AFzgAiIyBpY9umbbjAyBggrBgEFBQcB
+AQQmMCQwIgYIKwYBBQUHMAKGFmh0dHA6Ly94MS5pLmxlbmNyLm9yZy8wEwYDVR0g
+BAwwCjAIBgZngQwBAgEwJwYDVR0fBCAwHjAcoBqgGIYWaHR0cDovL3gxLmMubGVu
+Y3Iub3JnLzANBgkqhkiG9w0BAQsFAAOCAgEAfYt7SiA1sgWGCIpunk46r4AExIRc
+MxkKgUhNlrrv1B21hOaXN/5miE+LOTbrcmU/M9yvC6MVY730GNFoL8IhJ8j8vrOL
+pMY22OP6baS1k9YMrtDTlwJHoGby04ThTUeBDksS9RiuHvicZqBedQdIF65pZuhp
+eDcGBcLiYasQr/EO5gxxtLyTmgsHSOVSBcFOn9lgv7LECPq9i7mfH3mpxgrRKSxH
+pOoZ0KXMcB+hHuvlklHntvcI0mMMQ0mhYj6qtMFStkF1RpCG3IPdIwpVCQqu8GV7
+s8ubknRzs+3C/Bm19RFOoiPpDkwvyNfvmQ14XkyqqKK5oZ8zhD32kFRQkxa8uZSu
+h4aTImFxknu39waBxIRXE4jKxlAmQc4QjFZoq1KmQqQg0J/1JF8RlFvJas1VcjLv
+YlvUB2t6npO6oQjB3l+PNf0DpQH7iUx3Wz5AjQCi6L25FjyE06q6BZ/QlmtYdl/8
+ZYao4SRqPEs/6cAiF+Qf5zg2UkaWtDphl1LKMuTNLotvsX99HP69V2faNyegodQ0
+LyTApr/vT01YPE46vNsDLgK+4cL6TrzC/a4WcmF5SRJ938zrv/duJHLXQIku5v0+
+EwOy59Hdm0PT/Er/84dDV0CSjdR/2XuZM3kpysSKLgD1cKiDA+IRguODCxfO9cyY
+Ig46v9mFmBvyH04=
+-----END CERTIFICATE-----

hosts/w1/caddy/data/certificates/acme-v02.api.letsencrypt.org-directory/travel.donaldharper.com/travel.donaldharper.com.json

@@ -0,0 +1,18 @@
+{
+	"sans": [
+		"travel.donaldharper.com"
+	],
+	"issuer_data": {
+		"url": "https://acme-v02.api.letsencrypt.org/acme/cert/03a723da8832d5bd5cffd1ca272143015800",
+		"ca": "https://acme-v02.api.letsencrypt.org/directory",
+		"renewal_info": {
+			"suggestedWindow": {
+				"start": "2025-02-08T01:10:22Z",
+				"end": "2025-02-10T01:10:22Z"
+			},
+			"_uniqueIdentifier": "kydGmAOpUWiOmNbEQkjbI79YlNI.A6cj2ogy1b1c_9HKJyFDAVgA",
+			"_retryAfter": "2024-12-26T08:30:19.156733927Z",
+			"_selectedTime": "2025-02-08T14:40:53Z"
+		}
+	}
+}

hosts/w1/caddy/data/certificates/acme-v02.api.letsencrypt.org-directory/travel.donaldharper.com/travel.donaldharper.com.key

@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIOPgazRldWjnT192j4o9L3NB6SGGMW9G6e9/uhYBr0rroAoGCCqGSM49
+AwEHoUQDQgAEgUu8L7lOH3i3aUvnEdbkRYTC+OQBLVtXhp40mZBoUqHcDFAr7LQZ
+f9K8cN2rKPJQqvhu+9xa2Zybo/Dx98m4Vw==
+-----END EC PRIVATE KEY-----

hosts/w1/caddy/data/certificates/acme-v02.api.letsencrypt.org-directory/www.donaldharper.com/www.donaldharper.com.crt

@@ -0,0 +1,48 @@
+-----BEGIN CERTIFICATE-----
+MIIDizCCAxCgAwIBAgISAxIfFeHq7d/qbhPQ8mGDDF9BMAoGCCqGSM49BAMDMDIx
+CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJF
+NTAeFw0yNDEyMTAxODMwNTNaFw0yNTAzMTAxODMwNTJaMB8xHTAbBgNVBAMTFHd3
+dy5kb25hbGRoYXJwZXIuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEbcs3
+IFu6lFKbf4UGFyFvDbW+LvaA5inRGC2iY11df3r540YlkIQ0NPovYWUufjgpOCjc
+oQIF6ysRfkexcBlpzqOCAhcwggITMA4GA1UdDwEB/wQEAwIHgDAdBgNVHSUEFjAU
+BggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUKYMN
+oaOF6mRLo0QXS3wtGHkoKHgwHwYDVR0jBBgwFoAUnytfzzwhT50Et+0rLMTGcIvS
+1w0wVQYIKwYBBQUHAQEESTBHMCEGCCsGAQUFBzABhhVodHRwOi8vZTUuby5sZW5j
+ci5vcmcwIgYIKwYBBQUHMAKGFmh0dHA6Ly9lNS5pLmxlbmNyLm9yZy8wHwYDVR0R
+BBgwFoIUd3d3LmRvbmFsZGhhcnBlci5jb20wEwYDVR0gBAwwCjAIBgZngQwBAgEw
+ggEFBgorBgEEAdZ5AgQCBIH2BIHzAPEAdgDM+w9qhXEJZf6Vm1PO6bJ8IumFXA2X
+jbapflTA/kwNsAAAAZOyDC7KAAAEAwBHMEUCIQDfnYVHGlAyg7hUlEIvmyMw4Csn
+nggQRSi32nDPwWbUDAIgcKqw7MJ370My5Eg3JA85GqJD/uxhPyUp8dMml/nKMJYA
+dwDPEVbu1S58r/OHW9lpLpvpGnFnSrAX7KwB0lt3zsw7CAAAAZOyDC7PAAAEAwBI
+MEYCIQCxT+mGc02Uo3v2C3jPWyiSTQXtQ9EyhSWKqpyqvDgamgIhAPC63QIQAviK
+adYZCLAR7o1UEg2CcD1tc7Py8mYufljZMAoGCCqGSM49BAMDA2kAMGYCMQDlnmBZ
+ByVSn5SxGkur6YHd4ujxmyLkRFLZ7DR/IILkllzd9bRtDQNUhr74isDPZG8CMQC8
+p0RPjAliZconPgNJsFw5Ja2GJ7G7a7aXMJ6gIbtkB63spTn5aHWLi3JsN/QiGHY=
+-----END CERTIFICATE-----
+
+-----BEGIN CERTIFICATE-----
+MIIEVzCCAj+gAwIBAgIRAIOPbGPOsTmMYgZigxXJ/d4wDQYJKoZIhvcNAQELBQAw
+TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
+cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjQwMzEzMDAwMDAw
+WhcNMjcwMzEyMjM1OTU5WjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg
+RW5jcnlwdDELMAkGA1UEAxMCRTUwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQNCzqK
+a2GOtu/cX1jnxkJFVKtj9mZhSAouWXW0gQI3ULc/FnncmOyhKJdyIBwsz9V8UiBO
+VHhbhBRrwJCuhezAUUE8Wod/Bk3U/mDR+mwt4X2VEIiiCFQPmRpM5uoKrNijgfgw
+gfUwDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcD
+ATASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBSfK1/PPCFPnQS37SssxMZw
+i9LXDTAfBgNVHSMEGDAWgBR5tFnme7bl5AFzgAiIyBpY9umbbjAyBggrBgEFBQcB
+AQQmMCQwIgYIKwYBBQUHMAKGFmh0dHA6Ly94MS5pLmxlbmNyLm9yZy8wEwYDVR0g
+BAwwCjAIBgZngQwBAgEwJwYDVR0fBCAwHjAcoBqgGIYWaHR0cDovL3gxLmMubGVu
+Y3Iub3JnLzANBgkqhkiG9w0BAQsFAAOCAgEAH3KdNEVCQdqk0LKyuNImTKdRJY1C
+2uw2SJajuhqkyGPY8C+zzsufZ+mgnhnq1A2KVQOSykOEnUbx1cy637rBAihx97r+
+bcwbZM6sTDIaEriR/PLk6LKs9Be0uoVxgOKDcpG9svD33J+G9Lcfv1K9luDmSTgG
+6XNFIN5vfI5gs/lMPyojEMdIzK9blcl2/1vKxO8WGCcjvsQ1nJ/Pwt8LQZBfOFyV
+XP8ubAp/au3dc4EKWG9MO5zcx1qT9+NXRGdVWxGvmBFRAajciMfXME1ZuGmk3/GO
+koAM7ZkjZmleyokP1LGzmfJcUd9s7eeu1/9/eg5XlXd/55GtYjAM+C4DG5i7eaNq
+cm2F+yxYIPt6cbbtYVNJCGfHWqHEQ4FYStUyFnv8sjyqU8ypgZaNJ9aVcWSICLOI
+E1/Qv/7oKsnZCWJ926wU6RqG1OYPGOi1zuABhLw61cuPVDT28nQS/e6z95cJXq0e
+K1BcaJ6fJZsmbjRgD5p3mvEf5vdQM7MCEvU0tHbsx2I5mHHJoABHb8KVBgWp/lcX
+GWiWaeOyB7RP+OfDtvi2OsapxXiV7vNVs7fMlrRjY1joKaqmmycnBvAq14AEbtyL
+sVfOS66B8apkeFX2NY4XPEYV4ZSCe8VHPrdrERk2wILG3T/EGmSIkCYVUMSnjmJd
+VQD9F6Na/+zmXCc=
+-----END CERTIFICATE-----

hosts/w1/caddy/data/certificates/acme-v02.api.letsencrypt.org-directory/www.donaldharper.com/www.donaldharper.com.json

@@ -0,0 +1,18 @@
+{
+	"sans": [
+		"www.donaldharper.com"
+	],
+	"issuer_data": {
+		"url": "https://acme-v02.api.letsencrypt.org/acme/cert/03121f15e1eaeddfea6e13d0f261830c5f41",
+		"ca": "https://acme-v02.api.letsencrypt.org/directory",
+		"renewal_info": {
+			"suggestedWindow": {
+				"start": "2025-02-07T18:50:22Z",
+				"end": "2025-02-09T18:50:22Z"
+			},
+			"_uniqueIdentifier": "nytfzzwhT50Et-0rLMTGcIvS1w0.AxIfFeHq7d_qbhPQ8mGDDF9B",
+			"_retryAfter": "2024-12-26T08:30:18.978537601Z",
+			"_selectedTime": "2025-02-08T10:00:26Z"
+		}
+	}
+}

hosts/w1/caddy/data/certificates/acme-v02.api.letsencrypt.org-directory/www.donaldharper.com/www.donaldharper.com.key

@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEILiXVwvp5AeESeU39H8DsC4v5jDw/UuK70Elcxgp73JRoAoGCCqGSM49
+AwEHoUQDQgAEbcs3IFu6lFKbf4UGFyFvDbW+LvaA5inRGC2iY11df3r540YlkIQ0
+NPovYWUufjgpOCjcoQIF6ysRfkexcBlpzg==
+-----END EC PRIVATE KEY-----

hosts/w1/caddy/data/certificates/acme-v02.api.letsencrypt.org-directory/www.donharper.org/www.donharper.org.crt

@@ -0,0 +1,48 @@
+-----BEGIN CERTIFICATE-----
+MIIDgzCCAwmgAwIBAgISBD+eusFX00dYKStdrSgtlfMqMAoGCCqGSM49BAMDMDIx
+CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJF
+NTAeFw0yNDEyMDkyMDMwNTNaFw0yNTAzMDkyMDMwNTJaMBwxGjAYBgNVBAMTEXd3
+dy5kb25oYXJwZXIub3JnMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEDuXgP4vg
+W9hY1+VhLz/GKCQViDJ8NRRzYl1o0/ckIE5QyGKoE47ETgbyquvkF5+y4rS/l3DR
+p8o+ZBXFY/6fPaOCAhMwggIPMA4GA1UdDwEB/wQEAwIHgDAdBgNVHSUEFjAUBggr
+BgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUscmu957l
+hK4urPE5zduhEaUS9QYwHwYDVR0jBBgwFoAUnytfzzwhT50Et+0rLMTGcIvS1w0w
+VQYIKwYBBQUHAQEESTBHMCEGCCsGAQUFBzABhhVodHRwOi8vZTUuby5sZW5jci5v
+cmcwIgYIKwYBBQUHMAKGFmh0dHA6Ly9lNS5pLmxlbmNyLm9yZy8wHAYDVR0RBBUw
+E4IRd3d3LmRvbmhhcnBlci5vcmcwEwYDVR0gBAwwCjAIBgZngQwBAgEwggEEBgor
+BgEEAdZ5AgQCBIH1BIHyAPAAdgBzICIPCBaK+fPEposKsmqaSgDu9XeFighNBQDU
+pUJEWQAAAZOtU7COAAAEAwBHMEUCIHttPVU/eoZ+6lwBfg0FT+1bepVZkiFLTM63
+TI6BDqMFAiEApeuHA9M3aD/UeXIXI6A9maL/43nzkL0GbgeJnsP6S+QAdgCi4wrk
+Re+9rZt+OO1HZ3dT14JbhJTXK14bLMS5UKRH5wAAAZOtU7CEAAAEAwBHMEUCIQCn
+BZRzxfCoPncfHsSVEs7uqSyAdo4LDjNWNVb5OUnCwwIgEh4xOwN3qddNNPsY3frf
+1fiTrMVBY4a7X/FA15CN9yowCgYIKoZIzj0EAwMDaAAwZQIwF86s6VCXh0TLqpSD
+zwRKNrSRy4ltCPQHAGbkym3or5g1tWLfc93ylCg8v/R0eLIxAjEAgpAb4B2tq9o1
+qxhUG3H/zxrkjNrf5d15HvQ7cB1+I38GvVjnKARamiGsUEn2NqiV
+-----END CERTIFICATE-----
+
+-----BEGIN CERTIFICATE-----
+MIIEVzCCAj+gAwIBAgIRAIOPbGPOsTmMYgZigxXJ/d4wDQYJKoZIhvcNAQELBQAw
+TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
+cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjQwMzEzMDAwMDAw
+WhcNMjcwMzEyMjM1OTU5WjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg
+RW5jcnlwdDELMAkGA1UEAxMCRTUwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQNCzqK
+a2GOtu/cX1jnxkJFVKtj9mZhSAouWXW0gQI3ULc/FnncmOyhKJdyIBwsz9V8UiBO
+VHhbhBRrwJCuhezAUUE8Wod/Bk3U/mDR+mwt4X2VEIiiCFQPmRpM5uoKrNijgfgw
+gfUwDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcD
+ATASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBSfK1/PPCFPnQS37SssxMZw
+i9LXDTAfBgNVHSMEGDAWgBR5tFnme7bl5AFzgAiIyBpY9umbbjAyBggrBgEFBQcB
+AQQmMCQwIgYIKwYBBQUHMAKGFmh0dHA6Ly94MS5pLmxlbmNyLm9yZy8wEwYDVR0g
+BAwwCjAIBgZngQwBAgEwJwYDVR0fBCAwHjAcoBqgGIYWaHR0cDovL3gxLmMubGVu
+Y3Iub3JnLzANBgkqhkiG9w0BAQsFAAOCAgEAH3KdNEVCQdqk0LKyuNImTKdRJY1C
+2uw2SJajuhqkyGPY8C+zzsufZ+mgnhnq1A2KVQOSykOEnUbx1cy637rBAihx97r+
+bcwbZM6sTDIaEriR/PLk6LKs9Be0uoVxgOKDcpG9svD33J+G9Lcfv1K9luDmSTgG
+6XNFIN5vfI5gs/lMPyojEMdIzK9blcl2/1vKxO8WGCcjvsQ1nJ/Pwt8LQZBfOFyV
+XP8ubAp/au3dc4EKWG9MO5zcx1qT9+NXRGdVWxGvmBFRAajciMfXME1ZuGmk3/GO
+koAM7ZkjZmleyokP1LGzmfJcUd9s7eeu1/9/eg5XlXd/55GtYjAM+C4DG5i7eaNq
+cm2F+yxYIPt6cbbtYVNJCGfHWqHEQ4FYStUyFnv8sjyqU8ypgZaNJ9aVcWSICLOI
+E1/Qv/7oKsnZCWJ926wU6RqG1OYPGOi1zuABhLw61cuPVDT28nQS/e6z95cJXq0e
+K1BcaJ6fJZsmbjRgD5p3mvEf5vdQM7MCEvU0tHbsx2I5mHHJoABHb8KVBgWp/lcX
+GWiWaeOyB7RP+OfDtvi2OsapxXiV7vNVs7fMlrRjY1joKaqmmycnBvAq14AEbtyL
+sVfOS66B8apkeFX2NY4XPEYV4ZSCe8VHPrdrERk2wILG3T/EGmSIkCYVUMSnjmJd
+VQD9F6Na/+zmXCc=
+-----END CERTIFICATE-----

hosts/w1/caddy/data/certificates/acme-v02.api.letsencrypt.org-directory/www.donharper.org/www.donharper.org.json

@@ -0,0 +1,18 @@
+{
+	"sans": [
+		"www.donharper.org"
+	],
+	"issuer_data": {
+		"url": "https://acme-v02.api.letsencrypt.org/acme/cert/043f9ebac157d34758292b5dad282d95f32a",
+		"ca": "https://acme-v02.api.letsencrypt.org/directory",
+		"renewal_info": {
+			"suggestedWindow": {
+				"start": "2025-02-06T20:50:22Z",
+				"end": "2025-02-08T20:50:22Z"
+			},
+			"_uniqueIdentifier": "nytfzzwhT50Et-0rLMTGcIvS1w0.BD-eusFX00dYKStdrSgtlfMq",
+			"_retryAfter": "2024-12-26T08:30:19.042233283Z",
+			"_selectedTime": "2025-02-08T16:23:16Z"
+		}
+	}
+}

hosts/w1/caddy/data/certificates/acme-v02.api.letsencrypt.org-directory/www.donharper.org/www.donharper.org.key

@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIK0D/H0GAPP4zU7g2bnOhdV5E1PbIW5ckfJG0MRBn6M4oAoGCCqGSM49
+AwEHoUQDQgAEDuXgP4vgW9hY1+VhLz/GKCQViDJ8NRRzYl1o0/ckIE5QyGKoE47E
+TgbyquvkF5+y4rS/l3DRp8o+ZBXFY/6fPQ==
+-----END EC PRIVATE KEY-----

hosts/w1/caddy/data/certificates/acme-v02.api.letsencrypt.org-directory/www.duckland.org/www.duckland.org.crt

@@ -0,0 +1,48 @@
+-----BEGIN CERTIFICATE-----
+MIIDgjCCAwigAwIBAgISBBMdm8FmlqLkw6jcv4yelfCcMAoGCCqGSM49BAMDMDIx
+CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJF
+NjAeFw0yNDEyMTAxNTEwNTJaFw0yNTAzMTAxNTEwNTFaMBsxGTAXBgNVBAMTEHd3
+dy5kdWNrbGFuZC5vcmcwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATGVvF8A3IB
+xWNUbsPnyhlOieqgs5rkH8/l4GzvPhG9MVYVWpK0yvZh29vEAhYjzaJlY00QgYMk
+4fkHjlTQAgx/o4ICEzCCAg8wDgYDVR0PAQH/BAQDAgeAMB0GA1UdJQQWMBQGCCsG
+AQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBQT8anyGsMQ
+FeudW1VZxSN6gqJgbzAfBgNVHSMEGDAWgBSTJ0aYA6lRaI6Y1sRCSNsjv1iU0jBV
+BggrBgEFBQcBAQRJMEcwIQYIKwYBBQUHMAGGFWh0dHA6Ly9lNi5vLmxlbmNyLm9y
+ZzAiBggrBgEFBQcwAoYWaHR0cDovL2U2LmkubGVuY3Iub3JnLzAbBgNVHREEFDAS
+ghB3d3cuZHVja2xhbmQub3JnMBMGA1UdIAQMMAowCAYGZ4EMAQIBMIIBBQYKKwYB
+BAHWeQIEAgSB9gSB8wDxAHYAouMK5EXvva2bfjjtR2d3U9eCW4SU1yteGyzEuVCk
+R+cAAAGTsVUT5wAABAMARzBFAiBT1yALbBJX6QCumeOR4taxzxqLkk+Mraajc9lw
++0U1YgIhAIUUoTepW8TBGQhfVq3kCvXfTLH/i3edRs/eGOsE/Pa0AHcAzPsPaoVx
+CWX+lZtTzumyfCLphVwNl422qX5UwP5MDbAAAAGTsVUT9QAABAMASDBGAiEA1+Zv
+PDtfBzuFAWGhTkXU8PCN6LihcNwYqfbCh2tMq+ECIQDzfTzzHeqnGe4R7RqiYNQD
+NjYkFOxzc6eT9B9YNVQBaDAKBggqhkjOPQQDAwNoADBlAjAgxx+9MUIykmFsFJSa
+TG8Em46MO5tFMarEFoTYm1l8/cHvrRTQD9I1wvPI/mD7qzwCMQCxNcii+67VzcuL
+vrErEdKeSpOaSf7l/2fJEetyexS5U1VWngiIrMVINRALVu5cDJA=
+-----END CERTIFICATE-----
+
+-----BEGIN CERTIFICATE-----
+MIIEVzCCAj+gAwIBAgIRALBXPpFzlydw27SHyzpFKzgwDQYJKoZIhvcNAQELBQAw
+TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
+cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjQwMzEzMDAwMDAw
+WhcNMjcwMzEyMjM1OTU5WjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg
+RW5jcnlwdDELMAkGA1UEAxMCRTYwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAATZ8Z5G
+h/ghcWCoJuuj+rnq2h25EqfUJtlRFLFhfHWWvyILOR/VvtEKRqotPEoJhC6+QJVV
+6RlAN2Z17TJOdwRJ+HB7wxjnzvdxEP6sdNgA1O1tHHMWMxCcOrLqbGL0vbijgfgw
+gfUwDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcD
+ATASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBSTJ0aYA6lRaI6Y1sRCSNsj
+v1iU0jAfBgNVHSMEGDAWgBR5tFnme7bl5AFzgAiIyBpY9umbbjAyBggrBgEFBQcB
+AQQmMCQwIgYIKwYBBQUHMAKGFmh0dHA6Ly94MS5pLmxlbmNyLm9yZy8wEwYDVR0g
+BAwwCjAIBgZngQwBAgEwJwYDVR0fBCAwHjAcoBqgGIYWaHR0cDovL3gxLmMubGVu
+Y3Iub3JnLzANBgkqhkiG9w0BAQsFAAOCAgEAfYt7SiA1sgWGCIpunk46r4AExIRc
+MxkKgUhNlrrv1B21hOaXN/5miE+LOTbrcmU/M9yvC6MVY730GNFoL8IhJ8j8vrOL
+pMY22OP6baS1k9YMrtDTlwJHoGby04ThTUeBDksS9RiuHvicZqBedQdIF65pZuhp
+eDcGBcLiYasQr/EO5gxxtLyTmgsHSOVSBcFOn9lgv7LECPq9i7mfH3mpxgrRKSxH
+pOoZ0KXMcB+hHuvlklHntvcI0mMMQ0mhYj6qtMFStkF1RpCG3IPdIwpVCQqu8GV7
+s8ubknRzs+3C/Bm19RFOoiPpDkwvyNfvmQ14XkyqqKK5oZ8zhD32kFRQkxa8uZSu
+h4aTImFxknu39waBxIRXE4jKxlAmQc4QjFZoq1KmQqQg0J/1JF8RlFvJas1VcjLv
+YlvUB2t6npO6oQjB3l+PNf0DpQH7iUx3Wz5AjQCi6L25FjyE06q6BZ/QlmtYdl/8
+ZYao4SRqPEs/6cAiF+Qf5zg2UkaWtDphl1LKMuTNLotvsX99HP69V2faNyegodQ0
+LyTApr/vT01YPE46vNsDLgK+4cL6TrzC/a4WcmF5SRJ938zrv/duJHLXQIku5v0+
+EwOy59Hdm0PT/Er/84dDV0CSjdR/2XuZM3kpysSKLgD1cKiDA+IRguODCxfO9cyY
+Ig46v9mFmBvyH04=
+-----END CERTIFICATE-----

hosts/w1/caddy/data/certificates/acme-v02.api.letsencrypt.org-directory/www.duckland.org/www.duckland.org.json

@@ -0,0 +1,18 @@
+{
+	"sans": [
+		"www.duckland.org"
+	],
+	"issuer_data": {
+		"url": "https://acme-v02.api.letsencrypt.org/acme/cert/04131d9bc16696a2e4c3a8dcbf8c9e95f09c",
+		"ca": "https://acme-v02.api.letsencrypt.org/directory",
+		"renewal_info": {
+			"suggestedWindow": {
+				"start": "2025-02-07T15:30:21Z",
+				"end": "2025-02-09T15:30:21Z"
+			},
+			"_uniqueIdentifier": "kydGmAOpUWiOmNbEQkjbI79YlNI.BBMdm8FmlqLkw6jcv4yelfCc",
+			"_retryAfter": "2024-12-26T08:30:19.096054251Z",
+			"_selectedTime": "2025-02-07T17:51:47Z"
+		}
+	}
+}

hosts/w1/caddy/data/certificates/acme-v02.api.letsencrypt.org-directory/www.duckland.org/www.duckland.org.key

@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIBZOyltUpUSokf/skLpum+m+plBactR3qz/eG7Aum6epoAoGCCqGSM49
+AwEHoUQDQgAExlbxfANyAcVjVG7D58oZTonqoLOa5B/P5eBs7z4RvTFWFVqStMr2
+YdvbxAIWI82iZWNNEIGDJOH5B45U0AIMfw==
+-----END EC PRIVATE KEY-----

hosts/w1/caddy/data/instance.uuid

@@ -0,0 +1 @@
+7f753271-4b8e-420d-9ac6-6ae744654045

hosts/w1/caddy/data/last_clean.json

@@ -0,0 +1 @@
+{"tls":{"timestamp":"2024-12-24T21:40:18.896076102Z","instance_id":"7f753271-4b8e-420d-9ac6-6ae744654045"}}

hosts/w1/default.nix

@@ -3,6 +3,7 @@
     ./hardware-configuration.nix
     ./network.nix
     ../server
+    ./podman.nix
     # ../server/searxng.nix
   ];
   networking.hostName = "w1";

hosts/w1/docker-compose.yml

@@ -0,0 +1,20 @@
+---
+services:
+  caddy:
+    image: docker.io/library/caddy:latest
+    container_name: caddy
+    hostname: caddy
+    user: "1000"
+    ports:
+      - 443:443
+      - 80:80
+      - 2020:2020
+    volumes:
+      - ./caddy/config:/config/caddy
+      - ./caddy/data:/data/caddy
+      - ./caddy/Caddyfile:/etc/caddy/Caddyfile
+      - /home/don/www/www.duckland.org:/srv/duckland
+      - /home/don/www/www.donharper.org:/srv/donharper
+      - /home/don/www/www.donaldharper.com:/srv/donaldharper
+      - /home/don/www/p365:/srv/p365
+      - /home/don/www/travel.donaldharper.com:/srv/travel

hosts/w1/podman.nix

@@ -1,5 +1,7 @@
-# Auto-generated using compose2nix v0.1.6.
+# Auto-generated using compose2nix v0.3.1.
-{ pkgs, lib, ... }: {
+{ pkgs, lib, ... }:
+
+{
   # Runtime
   virtualisation.podman = {
     enable = true;
@@ -10,111 +12,72 @@
       dns_enabled = true;
     };
   };
+
+  # Enable container name DNS for non-default Podman networks.
+  # https://github.com/NixOS/nixpkgs/issues/226365
+  networking.firewall.interfaces."podman+".allowedUDPPorts = [ 53 ];
+
   virtualisation.oci-containers.backend = "podman";
 
   # Containers
-  virtualisation.oci-containers.containers."bandwidth" = {
+  virtualisation.oci-containers.containers."caddy" = {
-    image = "lscr.io/linuxserver/speedtest-tracker:latest";
+    image = "docker.io/library/caddy:latest";
-    environment = {
-      DB_CONNECTION = "mysql";
-      DB_DATABASE = "speedtest_tracker";
-      DB_HOST = "bandwidth-db";
-      DB_PASSWORD = "password";
-      DB_PORT = "3306";
-      DB_USERNAME = "speedy";
-      PGID = "1000";
-      PUID = "1000";
-      TZ = "America/Chicago";
-    };
     volumes = [
-      "/etc/localtime:/etc/localtime:ro"
+      "/home/don/podman/caddy/Caddyfile:/etc/caddy/Caddyfile:rw"
-      "/home/don/docker/speedtest/config:/config:rw"
+      "/home/don/podman/caddy/config:/config/caddy:rw"
-      "/home/don/docker/speedtest/web:/etc/ssl/web:rw"
+      "/home/don/podman/caddy/data:/data/caddy:rw"
+      "/home/don/www/p365:/srv/p365:rw"
+      "/home/don/www/travel.donaldharper.com:/srv/travel:rw"
+      "/home/don/www/www.donaldharper.com:/srv/donaldharper:rw"
+      "/home/don/www/www.donharper.org:/srv/donharper:rw"
+      "/home/don/www/www.duckland.org:/srv/duckland:rw"
     ];
-    dependsOn = [ "bandwidth-db" "bandwidth-ts" ];
+    ports = [ "443:443/tcp" "80:80/tcp" "2020:2020/tcp" ];
-    log-driver = "journald";
+    user = "1000";
-    extraOptions = [ "--network=container:bandwidth-ts" ];
-  };
-  systemd.services."podman-bandwidth" = {
-    serviceConfig = { Restart = lib.mkOverride 500 "always"; };
-    partOf = [ "podman-compose-tstest-root.target" ];
-    unitConfig.UpheldBy =
-      [ "podman-bandwidth-db.service" "podman-bandwidth-ts.service" ];
-    wantedBy = [ "podman-compose-tstest-root.target" ];
-  };
-  virtualisation.oci-containers.containers."bandwidth-db" = {
-    image = "mariadb:10";
-    environment = {
-      MARIADB_DATABASE = "speedtest_tracker";
-      MARIADB_PASSWORD = "password";
-      MARIADB_RANDOM_ROOT_PASSWORD = "true";
-      MARIADB_USER = "speedy";
-      PGID = "1000";
-      PUID = "1000";
-    };
-    volumes = [ "/home/don/docker/speedtest-db:/var/lib/mysql:rw" ];
-    dependsOn = [ "bandwidth-ts" ];
-    log-driver = "journald";
-    extraOptions = [ "--network=container:bandwidth-ts" ];
-  };
-  systemd.services."podman-bandwidth-db" = {
-    serviceConfig = { Restart = lib.mkOverride 500 "always"; };
-    partOf = [ "podman-compose-tstest-root.target" ];
-    unitConfig.UpheldBy = [ "podman-bandwidth-ts.service" ];
-    wantedBy = [ "podman-compose-tstest-root.target" ];
-  };
-  virtualisation.oci-containers.containers."bandwidth-ts" = {
-    image = "tailscale/tailscale";
-    environment = {
-      PGID = "1000";
-      PUID = "1000";
-      TS_ACCEPT_DNS = "true";
-      TS_AUTHKEY =
-        "tskey-auth-k6qutwuAk221CNTRL-9L2MS7sw2SVtH2kYKCcVNVsUHKYSX5UjH";
-      TS_HOSTNAME = "fred-bw";
-      TS_STATE_DIR = "/var/lib/tailscale";
-    };
-    volumes = [
-      "/dev/net/tun:/dev/net/tun:rw"
-      "/home/don/docker/tailscale/var_lib:/var/lib:rw"
-    ];
-    cmd = [ "tailscaled" ];
     log-driver = "journald";
     extraOptions = [
-      "--cap-add=net_admin"
+      "--hostname=caddy"
-      "--cap-add=sys_module"
+      "--network-alias=caddy"
-      "--network-alias=bandwidth-ts"
+      "--network=websites_default"
-      "--network=tstest-default"
-      "--privileged"
     ];
   };
-  systemd.services."podman-bandwidth-ts" = {
+  systemd.services."podman-caddy" = {
-    serviceConfig = { Restart = lib.mkOverride 500 "no"; };
+    serviceConfig = { Restart = lib.mkOverride 90 "no"; };
-    after = [ "podman-network-tstest-default.service" ];
+    after = [ "podman-network-websites_default.service" ];
-    requires = [ "podman-network-tstest-default.service" ];
+    requires = [ "podman-network-websites_default.service" ];
-    partOf = [ "podman-compose-tstest-root.target" ];
+    partOf = [ "podman-compose-websites-root.target" ];
-    wantedBy = [ "podman-compose-tstest-root.target" ];
+    wantedBy = [ "podman-compose-websites-root.target" ];
+    unitConfig.RequiresMountsFor = [
+      "/home/don/podman/caddy/Caddyfile"
+      "/home/don/podman/caddy/config"
+      "/home/don/podman/caddy/data"
+      "/home/don/www/p365"
+      "/home/don/www/travel.donaldharper.com"
+      "/home/don/www/www.donaldharper.com"
+      "/home/don/www/www.donharper.org"
+      "/home/don/www/www.duckland.org"
+    ];
   };
 
   # Networks
-  systemd.services."podman-network-tstest-default" = {
+  systemd.services."podman-network-websites_default" = {
     path = [ pkgs.podman ];
     serviceConfig = {
       Type = "oneshot";
       RemainAfterExit = true;
-      ExecStop = "${pkgs.podman}/bin/podman network rm -f tstest-default";
+      ExecStop = "podman network rm -f websites_default";
     };
     script = ''
-      podman network inspect tstest-default || podman network create tstest-default --opt isolate=true
+      podman network inspect websites_default || podman network create websites_default
     '';
-    partOf = [ "podman-compose-tstest-root.target" ];
+    partOf = [ "podman-compose-websites-root.target" ];
-    wantedBy = [ "podman-compose-tstest-root.target" ];
+    wantedBy = [ "podman-compose-websites-root.target" ];
   };
 
   # Root service
   # When started, this will automatically create all resources and start
   # the containers. When stopped, this will teardown all resources.
-  systemd.targets."podman-compose-tstest-root" = {
+  systemd.targets."podman-compose-websites-root" = {
     unitConfig = { Description = "Root target generated by compose2nix."; };
     wantedBy = [ "multi-user.target" ];
   };