2 files changed, 11 insertions, 4 deletions

diff --git a/Omni/Deploy/Deployer.nix b/Omni/Deploy/Deployer.nix
index 091b43b..ea4ae47 100644
--- a/Omni/Deploy/Deployer.nix
+++ b/Omni/Deploy/Deployer.nix
@@ -43,6 +43,12 @@ in {
       default = "/nix/var/nix/gcroots/biz";
       description = "Directory for GC roots to prevent closure garbage collection";
     };
+
+    enableCaddy = lib.mkOption {
+      type = lib.types.bool;
+      default = true;
+      description = "Enable Caddy reverse proxy for HTTP services";
+    };
   };
 
   config = lib.mkIf cfg.enable {
@@ -86,9 +92,9 @@ in {
       };
     };
 
-    # Caddy reverse proxy for deployed services
+    # Caddy reverse proxy for deployed services (optional)
     # TODO: Generate this dynamically from manifest in the future
-    services.caddy = {
+    services.caddy = lib.mkIf cfg.enableCaddy {
       enable = true;
       globalConfig = ''
         admin localhost:2019
@@ -98,7 +104,7 @@ in {
       '';
     };
 
-    # Open firewall for HTTP/HTTPS
-    networking.firewall.allowedTCPPorts = [80 443];
+    # Open firewall for HTTP/HTTPS (only if Caddy enabled)
+    networking.firewall.allowedTCPPorts = lib.mkIf cfg.enableCaddy [80 443];
   };
 }
diff --git a/Omni/Dev/Beryllium.nix b/Omni/Dev/Beryllium.nix
index f2fa1a3..367ee1d 100755
--- a/Omni/Dev/Beryllium.nix
+++ b/Omni/Dev/Beryllium.nix
@@ -28,5 +28,6 @@ in
       enable = true;
       package = packages.deployer;
       manifestPackage = packages.deploy-manifest;
+      enableCaddy = false; # Ava uses Tailscale Funnel, not Caddy
     };
   }