heimdall: Use default method of TLS certificate handling

machines/heimdall/configuration.nix

@@ -1,10 +1,5 @@
 { self, ... }@inputs:
-{
-  pkgs,
-  modulesPath,
-  lib,
-  ...
-}:
+{ modulesPath, lib, ... }:
 # let
 #   pkgs = self.inputs.nixpkgs.legacyPackages.x86_64-linux;
 # in
@@ -21,18 +16,6 @@
       enable = true;
       server = true;
     };
-
-    caddy-proxy = {
-      enable = true;
-      package = inputs.caddy-with-plugins.packages.${pkgs.system}.caddy-with-cloudflare;
-      proxyHosts = [
-        {
-          externalHostname = "git.datarift.nl";
-          proxyAddress = "gitea.barn-beaver.ts.net:3000";
-          external = true;
-        }
-      ];
-    };
     headscale = {
       enable = false;
       baseDomain = "asgard.datarift.nl";
@@ -154,6 +137,11 @@
             }
           '';
         };
+        "git.datarift.nl" = {
+          extraConfig = ''
+            reverse_proxy gitea.barn-beaver.ts.net:3000
+          '';
+        };
       };
     };
   };