feat: use caddy to reverse proxy homepage using tailscale certs

Also update browser policies to use the local homepage over https.

nixos/_mixins/desktop/default.nix

@@ -225,8 +225,8 @@ in
         "SafeBrowsingSurveysEnabled" = false;
         # Startup, Home and New Tab Page
         "HomePageIsNewTabPage" = true;
-        "HomePageLocation" = "https://${hostname}.wimpress.io";
-        "NewTabPageLocation" = "https://${hostname}.wimpress.io";
+        "HomePageLocation" = "https://${hostname}.drongo-gamma.ts.net";
+        "NewTabPageLocation" = "https://${hostname}.drongo-gamma.ts.net";
         "RestoreOnStartup" = 1;
         "ShowHomeButton" = false;
       };
@@ -367,7 +367,7 @@ in
         "Homepage" = {
           "Locked" = false;
           "StartPage" = "previous-session";
-          "URL" = "https://${hostname}.wimpress.io";
+          "URL" = "https://${hostname}.drongo-gamma.ts.net";
         };
         "NetworkPrediction" = false;
         "NewTabPage" = true;

nixos/_mixins/services/homepage.nix

@@ -4,19 +4,6 @@ let
   isWorkstation = if (desktop != null) then true else false;
 in
 {
-  networking = {
-    extraHosts = ''
-      127.0.0.2   ${hostname}.wimpress.io
-    '';
-    firewall.allowedTCPPorts = [
-      80
-      443
-    ];
-  };
-  security.acme = {
-    email = "REDACTED";
-    acceptTerms = true;
-  };
   services = {
     homepage-dashboard = {
       enable = isInstall;
@@ -279,10 +266,12 @@ in
       virtualHosts."localhost" = {
         extraConfig = ''
           reverse_proxy http://127.0.0.1:8082
-          tls internal
         '';
-        serverAliases = [ "${hostname}.wimpress.io" ];
+        serverAliases = [ "${hostname}.drongo-gamma.ts.net" ];
       };
     };
+    # Enable caddy to acquire certificates from the tailscale daemon
+    # - https://tailscale.com/blog/caddy
+    tailscale.permitCertUid = "caddy";
   };
 }