caddy: enable dns challenges

shared/caddy/default.nix

@@ -1,15 +1,21 @@
 { config, caddy-patched, ... }:
 {
+  age.secrets.acme-caddy = {
+    file = ../../secrets/shared/acme-caddy.age;
+    owner = "caddy";
+  };
   services.caddy = {
     enable = true;
-    # package = caddy-patched.packages.x86_64-linux.default;
+    package = caddy-patched.packages.x86_64-linux.default;
     email = "ca@${config.networking.domain}";
     logFormat = "format console";
     globalConfig = ''
       servers {
         metrics
       }
+      import ${config.age.secrets.acme-caddy.path}
     '';
+
     virtualHosts.":2018" = {
       extraConfig = ''
         metrics

shared/systemd.nix

@@ -1,6 +1,8 @@
 { pkgs, lib, ... }:
 
 {
+  # fixes run0 failing to execute
+  security.pam.services.systemd-run0 = { };
   systemd = {
 
     # package = lib.mkDefault (nixpkgs-systemd-256.legacyPackages.x86_64-linux.systemd.override { withHomed = false; });