Omni/Deploy: make Caddy optional in Deployer.nix

Add enableCaddy option (default true) to allow hosts like beryllium
that use Tailscale Funnel to disable Caddy reverse proxy.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

1 files changed, 10 insertions, 4 deletions

diff --git a/Omni/Deploy/Deployer.nix b/Omni/Deploy/Deployer.nix
index 091b43b..ea4ae47 100644
--- a/Omni/Deploy/Deployer.nix
+++ b/Omni/Deploy/Deployer.nix
@@ -43,6 +43,12 @@ in {
       default = "/nix/var/nix/gcroots/biz";
       description = "Directory for GC roots to prevent closure garbage collection";
     };
+
+    enableCaddy = lib.mkOption {
+      type = lib.types.bool;
+      default = true;
+      description = "Enable Caddy reverse proxy for HTTP services";
+    };
   };
 
   config = lib.mkIf cfg.enable {
@@ -86,9 +92,9 @@ in {
       };
     };
 
-    # Caddy reverse proxy for deployed services
+    # Caddy reverse proxy for deployed services (optional)
     # TODO: Generate this dynamically from manifest in the future
-    services.caddy = {
+    services.caddy = lib.mkIf cfg.enableCaddy {
       enable = true;
       globalConfig = ''
         admin localhost:2019
@@ -98,7 +104,7 @@ in {
       '';
     };
 
-    # Open firewall for HTTP/HTTPS
-    networking.firewall.allowedTCPPorts = [80 443];
+    # Open firewall for HTTP/HTTPS (only if Caddy enabled)
+    networking.firewall.allowedTCPPorts = lib.mkIf cfg.enableCaddy [80 443];
   };
 }