caddy: allow disabling default tlsConfig

[Scrumplex]

Describe the bug

caddy.nix Adds a tlsConfig block to Caddyfile by default. If you now want to use tls internal Caddy will fail, as there will then be two different TLS configurations at the same time.

It should be possible to disable this default tlsConfig for local setups, which might not use ACME to generate certificates.

Steps To Reproduce

services.caddy = {
  enable = true;
  config = ''
  :8443 {
    tls internal
  }
  '';
};

Oct 24 21:03:29 cosmos caddy[1571913]: run: loading initial config: loading new config: loading http app module: provision http: getting tls app: loading tls app module: tls: invalid configuration: automation policy 1 is the second policy that acts as default/catch-all, but will never be used

Expected behavior

No errors

Notify maintainers

Metadata

Please run nix-shell -p nix-info --run "nix-info -m" and paste the result.

 - system: `"aarch64-linux"`
 - host os: `Linux 5.10.17, NixOS, 21.05.3892.70904d4a992 (Okapi)`
 - multi-user?: `yes`
 - sandbox: `yes`
 - version: `nix-env (Nix) 2.3.16`
 - channels(root): `"nixos-21.05.3892.70904d4a992"`
 - nixpkgs: `/nix/var/nix/profiles/per-user/root/channels/nixos`

Maintainer information:

services.caddy

[stale]

I marked this as stale due to inactivity. → More info

[sephii]

From what I can see the default TLS directives got removed in #147973, so this issue can be closed.

Also if you need to globally enable local certs, you can use services.caddy.globalConfig = "local_certs";.