From 28f306b06571e7a2f1eb471acea26e5c0f38840f Mon Sep 17 00:00:00 2001
From: Andrew Trieu
Date: Thu, 20 Nov 2025 17:04:27 +0200
Subject: [PATCH] feat: Add environment configuration and update Caddy setup for DuckDNS

---
 homelab/.env.example | 8 +++++++
 homelab/Caddyfile | 50 +++++++++++++----------------------------
 homelab/Dockerfile | 9 ++++++++
 homelab/compose.yml | 53 +++++++++++++++++++-------------------------
 4 files changed, 56 insertions(+), 64 deletions(-)
 create mode 100644 homelab/.env.example
 create mode 100644 homelab/Dockerfile

diff --git a/homelab/.env.example b/homelab/.env.example
new file mode 100644
index 0000000..ee45bf7
--- /dev/null
+++ b/homelab/.env.example
@@ -0,0 +1,8 @@
+VAULT_DOMAIN=vault.example.com
+AUTH_DOMAIN=auth.example.com
+STORAGE_DOMAIN=storage.example.com
+EMAIL=mail@example.com
+APP_KEY=32characterslongrandomstring!
+NC_ADMIN_USER=admin
+NC_ADMIN_PASS=changeme
+DUCKDNS_TOKEN=TOKEN
\ No newline at end of file
diff --git a/homelab/Caddyfile b/homelab/Caddyfile
index a7ed2f8..f64eeec 100644
--- a/homelab/Caddyfile
+++ b/homelab/Caddyfile
@@ -1,18 +1,21 @@
+# ===========================
+# DuckDNS
+# ===========================
+(dns_duck) {
+    tls {
+        dns duckdns {env.DUCKDNS_TOKEN}
+    }
+    log {
+        output file {env.LOG_FILE}
+        format console
+    }
+}
+
 # ===========================
 # Vaultwarden
 # ===========================
 {$VAULT_DOMAIN} {
-    log {
-        level INFO
-        output file {$LOG_FILE} {
-            roll_size 10MB
-            roll_keep 10
-        }
-    }
-
-    tls {
-        dns duckdns {$DUCKDNS_TOKEN}
-    }
+    import dns_duck
 
     encode zstd gzip
 
@@ -23,17 +26,7 @@
 # 2FAuth
 # ===========================
 {$AUTH_DOMAIN} {
-    log {
-        level INFO
-        output file {$LOG_FILE} {
-            roll_size 10MB
-            roll_keep 10
-        }
-    }
-
-    tls {
-        dns duckdns {$DUCKDNS_TOKEN}
-    }
+    import dns_duck
 
     encode zstd gzip
 
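Review bot: `APP_KEY=32characterslongrandomstring!` is 29 characters, so anyone who copies the example as-is gets a key that does not meet the 32-character (or `base64:`-prefixed) length that Laravel-style `APP_KEY` values require, whereas the old compose comment `SomeRandomStringOf32CharsExactly` at least had the right length. Replace it with a placeholder that cannot be mistaken for a valid value, e.g. `APP_KEY=CHANGE_ME_generate_with_openssl_rand_base64_32`, and add a comment saying how to generate one. `NC_ADMIN_PASS=changeme` has the same problem of shipping a real-looking default; a comment such as `# required: set a strong password and never commit .env` would help, and since this diff does not show a `.gitignore` entry for `.env`, that is worth confirming. The file also ends without a trailing newline.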
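Review bot: The `log` block inside `(dns_duck)` drops the `roll_size 10MB` / `roll_keep 10` options that each site block previously set, so log rotation now falls back to Caddy's file-writer defaults (a considerably larger roll size in current releases, if I recall correctly — confirm for the version you build), which is a behaviour change the commit message does not mention; the same applies to the `import dns_duck` lines in the two later Caddyfile hunks. Either restore `output file {env.LOG_FILE} { roll_size 10MB roll_keep 10 }` in the snippet or document the new rotation policy in the snippet's header comment. The snippet also mixes runtime `{env.DUCKDNS_TOKEN}` / `{env.LOG_FILE}` placeholders with the parse-time `{$VAULT_DOMAIN}` style the site blocks use; both read the container environment, but a comment like `# {env.*} resolves at runtime, {$VAR} at Caddyfile parse time` would stop the next reader from "normalising" one into the other. Because all three sites now share one snippet, an unset `DUCKDNS_TOKEN` yields an empty token for every domain at once, so failing fast on a missing variable in compose is worth doing.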
@@ -44,21 +37,10 @@
 # Nextcloud
 # ===========================
 {$STORAGE_DOMAIN} {
-    log {
-        level INFO
-        output file {$LOG_FILE} {
-            roll_size 10MB
-            roll_keep 10
-        }
-    }
-
-    tls {
-        dns duckdns {$DUCKDNS_TOKEN}
-    }
+    import dns_duck
 
     encode zstd gzip
 
-
     reverse_proxy nextcloud:80
 }
 
diff --git a/homelab/Dockerfile b/homelab/Dockerfile
new file mode 100644
index 0000000..7e0b8df
--- /dev/null
+++ b/homelab/Dockerfile
@@ -0,0 +1,9 @@
+# Build Caddy with DuckDNS DNS provider
+FROM caddy:latest-builder AS builder
+
+RUN xcaddy build \
+    --with github.com/caddy-dns/duckdns
+
+FROM caddy:latest
+
+COPY --from=builder /usr/bin/caddy /usr/bin/caddy
\ No newline at end of file
diff --git a/homelab/compose.yml b/homelab/compose.yml
index 2a599e1..b5edd8a 100644
--- a/homelab/compose.yml
+++ b/homelab/compose.yml
@@ -9,7 +9,7 @@ services:
     volumes:
       - ./services/vaultwarden:/data
     environment:
-      DOMAIN: "https://vault.example.com" # Change to yours
+      DOMAIN: "https://${VAULT_DOMAIN}"
 
   # ==========================
   # 2FAuth (2FA manager)
@@ -21,19 +21,17 @@ services:
     volumes:
       - ./services/2fauth:/data
     environment:
-      - APP_NAME=2FAuth
-      - APP_ENV=production
-      - APP_DEBUG=false
-      - APP_TIMEZONE=Europe/Helsinki
-      - SITE_OWNER=admin@example.com # Change to yours
-      - APP_KEY=SomeRandomStringOf32CharsExactly # Change to yours
-      - APP_URL=https://auth.example.com # Change to yours
-      - ASSET_URL=https://auth.example.com # Change to yours
-      - TRUSTED_PROXIES=*
-      - LOG_CHANNEL=daily
-      - LOG_LEVEL=notice
-    networks:
-      - default
+      APP_NAME: 2FAuth
+      APP_ENV: production
+      APP_DEBUG: false
+      APP_TIMEZONE: UTC
+      SITE_OWNER: ${EMAIL}
+      APP_KEY: ${APP_KEY}
+      APP_URL: "https://${AUTH_DOMAIN}"
+      ASSET_URL: "https://${AUTH_DOMAIN}"
+      TRUSTED_PROXIES: '*'
+      LOG_CHANNEL: daily
+      LOG_LEVEL: notice
 
   # ==========================
   # Nextcloud (Personal cloud / NAS)
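Review bot: Both base images are unpinned (`FROM caddy:latest-builder AS builder` and `FROM caddy:latest`) and the plugin carries no version (`--with github.com/caddy-dns/duckdns`), so the image that replaces the previously pinned `caddy:2` is no longer reproducible and will pick up the next major Caddy release on any rebuild. Pin at least the major version, `FROM caddy:2-builder AS builder` and `FROM caddy:2`, and pin the module with `--with github.com/caddy-dns/duckdns@<version>` (placeholder) so xcaddy resolves a fixed revision. I am also not certain `latest-builder` is a published tag — the builder images I know of are tagged `builder` and `<version>-builder` — so verify the build actually runs before merging. The file ends without a trailing newline.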
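Review bot: `APP_DEBUG: false` in the 2FAuth `environment:` map is now a YAML boolean rather than a string; the Compose specification wants environment values to be strings and asks for boolean-looking values to be quoted (older docker-compose releases reject the bare boolean), so write `APP_DEBUG: "false"`. The secrets that moved into `.env` are interpolated with plain `${APP_KEY}`, which expands to an empty string when the variable is missing and only fails later inside the application; use the required-variable form `APP_KEY: ${APP_KEY:?APP_KEY must be set in .env}` so `docker compose up` aborts immediately, and do the same for `${NC_ADMIN_PASS}` and `${DUCKDNS_TOKEN}` in the next two compose hunks. `APP_TIMEZONE` also changed from `Europe/Helsinki` to `UTC`, an unrelated behaviour change that deserves a line in the commit message.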
@@ -45,16 +43,16 @@ services:
     volumes:
       - ./services/nextcloud:/var/www/html
     environment:
-      - NEXTCLOUD_ADMIN_USER=admin # Change to yours
-      - NEXTCLOUD_ADMIN_PASSWORD=changeme # Change to a strong password
-    networks:
-      - default
+      NEXTCLOUD_ADMIN_USER: ${NC_ADMIN_USER}
+      NEXTCLOUD_ADMIN_PASSWORD: ${NC_ADMIN_PASS}
 
   # ==========================
   # Caddy (Reverse proxy)
   # ==========================
   caddy:
-    image: caddy:2
+    build:
+      context: .
+      dockerfile: Dockerfile
     container_name: caddy
     restart: always
     ports:
@@ -67,13 +65,12 @@ services:
       - ./caddy-config:/config
       - ./caddy-data:/data
     environment:
-      # For Caddy: hostnames only, no https://
-      VAULT_DOMAIN: "vault.example.com" # Change to yours
-      AUTH_DOMAIN: "auth.example.com" # Change to yours
-      STORAGE_DOMAIN: "storage.example.com" # Change to yours
-      EMAIL: "admin@example.com" # Change to yours
-      DUCKDNS_TOKEN: "TOKEN" # Change to yours
-      LOG_FILE: "/data/access.log"
+      VAULT_DOMAIN: ${VAULT_DOMAIN}
+      AUTH_DOMAIN: ${AUTH_DOMAIN}
+      STORAGE_DOMAIN: ${STORAGE_DOMAIN}
+      EMAIL: ${EMAIL}
+      DUCKDNS_TOKEN: ${DUCKDNS_TOKEN}
+      LOG_FILE: /data/access.log
 
   # ==========================
   # Portainer (Docker manager)
@@ -133,7 +130,3 @@ services:
       - /proc:/host/proc:ro
       - /sys:/host/sys:ro
 
-networks:
-  default:
-    driver: bridge
-
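Review bot: The `caddy` service gains `build: context: . dockerfile: Dockerfile` but keeps no `image:` key, so Compose tags the result with a project-derived name and `docker compose up` reuses whatever was built last; base-image or plugin updates only land after an explicit `docker compose build --pull caddy`, which nothing in the file records. Adding `image: <local tag>` (placeholder) beside `build:` together with a comment `# rebuild with: docker compose build --pull caddy` would make that explicit. This hunk is also where the pinned `caddy:2` disappears in favour of whatever tags the Dockerfile selects, so the version pin now has to live there.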