diff --git a/modules/caddy/caddy.nix b/modules/caddy/caddy.nix
deleted file mode 100644
index 724fde2..0000000
--- a/modules/caddy/caddy.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{lib, pkgs, config, ...}:
-
-{
-
- services.caddy = {
- enable = true;
-
- virtualHosts = {
- "s3.nekomimi.pet".extraConfig = ''
- reverse_proxy http://127.0.0.1:3903
- ''
- };
- };
-}
\ No newline at end of file
diff --git a/modules/caddy/default.nix b/modules/caddy/default.nix
new file mode 100644
index 0000000..08a0a64
--- /dev/null
+++ b/modules/caddy/default.nix
@@ -0,0 +1,46 @@
+{lib, pkgs, config, ...}:
+
+/* taken from https://github.com/jdheyburn/nixos-configs
+no license
+*/
+
+with lib;
+let
+ cfg = config.modules.caddy;
+ caddyMetricsPort = 2019
+in
+{
+ options = {
+ modules = {
+ caddy = { enable = mkEnableOption "Deploy Caddy"; };
+ };
+ };
+
+ config = mkIf cfg.enable {
+ # Allow network access when building
+ # https://mdleom.com/blog/2021/12/27/caddy-plugins-nixos/#xcaddy
+ #nix.settings.sandbox = false;
+
+ networking.firewall.allowedTCPPorts = [
+ 80
+ 443
+ caddyMetricsPort
+ ];
+
+ services.caddy = {
+ enable = true;
+ /* package = pkgs.caddy.withPlugins {
+ plugins = [ "github.com/caddy-dns/cloudflare@v0.0.0-20240703190432-89f16b99c18e"];
+ hash = "sha256-JVkUkDKdat4aALJHQCq1zorJivVCdyBT+7UhqTvaFLw=";
+ };*/
+ };
+
+ systemd.services.caddy = {
+ serviceConfig = {
+ AmbientCapabilities = "cap_net_bind_service";
+ CapabilityBoundingSet = "cap_net_bind_service";
+ TimeoutStartSec = "5m";
+ };
+ };
+ };
+}
\ No newline at end of file
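Review bot: `caddyMetricsPort` (2019) is added to `networking.firewall.allowedTCPPorts` next to 80 and 443, which opens it on every interface; 2019 is the default port of Caddy's admin endpoint, which serves the metrics and also accepts configuration changes without authentication unless configured otherwise. Nothing in this file shows where that listener binds, so if it is ever moved off loopback to make scraping work, the admin API becomes reachable from wherever the firewall allows. I would scope the rule to the monitoring interface, e.g. `networking.firewall.interfaces.<monitoring-iface>.allowedTCPPorts = [ caddyMetricsPort ];` (the interface name is a placeholder), and keep only 80 and 443 in the global list. Separately, the `let` binding `caddyMetricsPort = 2019` has no terminating semicolon, so the module will not parse; it should read `caddyMetricsPort = 2019;`.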