feat: Add environment configuration and update Caddy setup for DuckDNS

homelab/.env.example

@@ -0,0 +1,8 @@
+VAULT_DOMAIN=vault.example.com
+AUTH_DOMAIN=auth.example.com
+STORAGE_DOMAIN=storage.example.com
+EMAIL=mail@example.com
+APP_KEY=32characterslongrandomstring!
+NC_ADMIN_USER=admin
+NC_ADMIN_PASS=changeme
+DUCKDNS_TOKEN=TOKEN

homelab/Caddyfile

@@ -1,18 +1,21 @@
+# ===========================
+# DuckDNS
+# ===========================
+(dns_duck) {
+    tls {
+        dns duckdns {env.DUCKDNS_TOKEN}
+    }
+    log {
+        output file {env.LOG_FILE}
+        format console
+    }
+}
+
 # ===========================
 # Vaultwarden
 # ===========================
 {$VAULT_DOMAIN} {
-    log {
-        level INFO
-        output file {$LOG_FILE} {
-            roll_size 10MB
-            roll_keep 10
-        }
-    }
-
-    tls {
-        dns duckdns {$DUCKDNS_TOKEN}
-    }
+    import dns_duck
 
     encode zstd gzip
 
@@ -23,17 +26,7 @@
 # 2FAuth
 # ===========================
 {$AUTH_DOMAIN} {
-    log {
-        level INFO
-        output file {$LOG_FILE} {
-            roll_size 10MB
-            roll_keep 10
-        }
-    }
-
-    tls {
-        dns duckdns {$DUCKDNS_TOKEN}
-    }
+    import dns_duck
 
     encode zstd gzip
 
@@ -44,21 +37,10 @@
 # Nextcloud
 # ===========================
 {$STORAGE_DOMAIN} {
-    log {
-        level INFO
-        output file {$LOG_FILE} {
-            roll_size 10MB
-            roll_keep 10
-        }
-    }
-
-    tls {
-        dns duckdns {$DUCKDNS_TOKEN}
-    }
+    import dns_duck
 
     encode zstd gzip
 
-
     reverse_proxy nextcloud:80
 }
 

homelab/Dockerfile

@@ -0,0 +1,9 @@
+# Build Caddy with DuckDNS DNS provider
+FROM caddy:latest-builder AS builder
+
+RUN xcaddy build \
+    --with github.com/caddy-dns/duckdns
+
+FROM caddy:latest 
+
+COPY --from=builder /usr/bin/caddy /usr/bin/caddy

homelab/compose.yml

@@ -9,7 +9,7 @@ services:
     volumes:
       - ./services/vaultwarden:/data
     environment:
-      DOMAIN: "https://vault.example.com" # Change to yours
+      DOMAIN: "https://${VAULT_DOMAIN}"
 
   # ==========================
   # 2FAuth (2FA manager)
@@ -21,19 +21,17 @@ services:
     volumes:
       - ./services/2fauth:/data
     environment:
-      - APP_NAME=2FAuth
-      - APP_ENV=production
-      - APP_DEBUG=false
-      - APP_TIMEZONE=Europe/Helsinki
-      - SITE_OWNER=admin@example.com # Change to yours
-      - APP_KEY=SomeRandomStringOf32CharsExactly # Change to yours
-      - APP_URL=https://auth.example.com # Change to yours
-      - ASSET_URL=https://auth.example.com # Change to yours
-      - TRUSTED_PROXIES=*
-      - LOG_CHANNEL=daily
-      - LOG_LEVEL=notice
-    networks:
-      - default
+      APP_NAME: 2FAuth
+      APP_ENV: production
+      APP_DEBUG: false
+      APP_TIMEZONE: UTC
+      SITE_OWNER: ${EMAIL}      
+      APP_KEY:  ${APP_KEY}
+      APP_URL: "https://${AUTH_DOMAIN}"
+      ASSET_URL: "https://${AUTH_DOMAIN}"
+      TRUSTED_PROXIES: '*'
+      LOG_CHANNEL: daily
+      LOG_LEVEL: notice
 
   # ==========================
   # Nextcloud (Personal cloud / NAS)
@@ -45,16 +43,16 @@ services:
     volumes:
       - ./services/nextcloud:/var/www/html
     environment:
-      - NEXTCLOUD_ADMIN_USER=admin         # Change to yours
-      - NEXTCLOUD_ADMIN_PASSWORD=changeme  # Change to a strong password
-    networks:
-      - default
+      NEXTCLOUD_ADMIN_USER: ${NC_ADMIN_USER}
+      NEXTCLOUD_ADMIN_PASSWORD: ${NC_ADMIN_PASS}
 
   # ==========================
   # Caddy (Reverse proxy)
   # ==========================
   caddy:
-    image: caddy:2
+    build:
+      context: .
+      dockerfile: Dockerfile
     container_name: caddy
     restart: always
     ports:
@@ -67,13 +65,12 @@ services:
       - ./caddy-config:/config
       - ./caddy-data:/data
     environment:
-      # For Caddy: hostnames only, no https://
-      VAULT_DOMAIN: "vault.example.com" # Change to yours
-      AUTH_DOMAIN:  "auth.example.com" # Change to yours
-      STORAGE_DOMAIN: "storage.example.com" # Change to yours
-      EMAIL: "admin@example.com" # Change to yours
-      DUCKDNS_TOKEN: "TOKEN" # Change to yours
-      LOG_FILE: "/data/access.log"
+      VAULT_DOMAIN: ${VAULT_DOMAIN}
+      AUTH_DOMAIN: ${AUTH_DOMAIN}
+      STORAGE_DOMAIN: ${STORAGE_DOMAIN}
+      EMAIL: ${EMAIL}
+      DUCKDNS_TOKEN: ${DUCKDNS_TOKEN}
+      LOG_FILE: /data/access.log
 
   # ==========================
   # Portainer (Docker manager)
@@ -133,7 +130,3 @@ services:
       - /proc:/host/proc:ro
       - /sys:/host/sys:ro
 
-networks:
-  default:
-    driver: bridge
-