caddy: add suport for compiling Caddy with plugins (#358586)

- `bind.cacheNetworks` now only controls access for recursive queries, where it previously controlled access for all queries.

- Caddy can now be built with plugins by using `caddy.withPlugins`, a `passthru` function that accepts an attribute set as a parameter. The `plugins` argument represents a list of Caddy plugins, with each Caddy plugin being a versioned module. The `hash` argument represents the `vendorHash` of the resulting Caddy source code with the plugins added.

  Example:

  ```nix

  services.caddy = {

    enable = true;

    package = pkgs.caddy.withPlugins {

      plugins = [ "github.com/caddy-dns/powerdns@v1.0.1" ];

      hash = "sha256-F/jqR4iEsklJFycTjSaW8B/V3iTGqqGOzwYBUXxRKrc=";

    };

  };

  ```

  To get the necessary hash of the vendored dependencies, omit `hash`. The build will fail and tell you the correct value.

- `programs.fzf.keybindings` now supports the fish shell.

<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->

{ lib

, buildGoModule

, callPackage

, fetchFromGitHub

, nixosTests

, caddy

, testers

, installShellFiles

, stdenv

, go

, xcaddy

, cacert

, git

}:

let

  version = "2.8.4";

  subPackages = [ "cmd/caddy" ];

  ldflags = [

    "-s" "-w"

    "-s"

    "-w"

    "-X github.com/caddyserver/caddy/v2.CustomVersion=${version}"

  ];

      --zsh <($out/bin/caddy completion zsh)

  '';

  passthru.tests = {

  passthru = {

    tests = {

      inherit (nixosTests) caddy;

      version = testers.testVersion {

        command = "${caddy}/bin/caddy version";

        package = caddy;

      };

    };

    withPlugins = callPackage ./plugins.nix { inherit caddy; };

  };

  meta = with lib; {

    homepage = "https://caddyserver.com";

{

  lib,

  stdenv,

  go,

  xcaddy,

  cacert,

  git,

  caddy,

}:

{

  plugins,

  hash ? lib.fakeHash,

}:

let

  pluginsSorted = lib.sort lib.lessThan plugins;

  pluginsList = lib.concatMapStrings (plugin: "${plugin}-") pluginsSorted;

  pluginsHash = builtins.hashString "md5" pluginsList;

  pluginsWithoutVersion = lib.filter (p: !lib.hasInfix "@" p) pluginsSorted;

in

assert lib.assertMsg (

  lib.length pluginsWithoutVersion == 0

) "All plugins should have a version (eg ${lib.elemAt pluginsWithoutVersion 0}@x.y.z)!";

caddy.overrideAttrs (

  finalAttrs: prevAttrs: {

    vendorHash = null;

    subPackages = [ "." ];

    src = stdenv.mkDerivation {

      pname = "caddy-src-with-plugins-${pluginsHash}";

      version = finalAttrs.version;

      nativeBuildInputs = [

        go

        xcaddy

        cacert

        git

      ];

      dontUnpack = true;

      buildPhase =

        let

          withArgs = lib.concatMapStrings (plugin: "--with ${plugin} ") pluginsSorted;

        in

        ''

          export GOCACHE=$TMPDIR/go-cache

          export GOPATH="$TMPDIR/go"

          XCADDY_SKIP_BUILD=1 TMPDIR="$PWD" xcaddy build v${finalAttrs.version} ${withArgs}

          (cd buildenv* && go mod vendor)

        '';

      installPhase = ''

        mv buildenv* $out

      '';

      outputHashMode = "recursive";

      outputHash = hash;

      outputHashAlgo = "sha256";

    };

    doInstallCheck = true;

    installCheckPhase = ''

      runHook preInstallCheck

      ${lib.toShellVar "notfound" pluginsSorted}

      while read kind module version; do

        [[ "$kind" = "dep" ]] || continue

        module="''${module}@''${version}"

        for i in "''${!notfound[@]}"; do

          if [[ ''${notfound[i]} = ''${module} ]]; then

            unset 'notfound[i]'

          fi

        done

      done < <($out/bin/caddy build-info)

      if (( ''${#notfound[@]} )); then

        >&2 echo "Plugins not found: ''${notfound[@]}"

        exit 1

      fi

      runHook postInstallCheck

    '';

  }

)