all repos — nixfiles @ 91dcf6ef11bbcf1ecaf5666064657694860b163f

System and user configuration, managed by nix and home-manager

nanopi: enable local CA

Alan Pearce
commit

91dcf6ef11bbcf1ecaf5666064657694860b163f

parent

47f590d853a959145ef7b860857740d11c0853b3

1 file changed, 41 insertions(+), 0 deletions(-)

M system/nanopi.nixsystem/nanopi.nix
@@ -506,6 +506,7 @@ ];
 localise-queries = true;
 interface-name = [
 "nanopi.${domain},bridge0"
+ "ca.${domain},bridge0"
 "wan.${domain},wan0"
 "wlan.${domain},wlan0"
 ];
@@ -602,6 +603,46 @@ if [[ $IFACE == "wan0" && $OperationalState == "routable" ]]
 then
 ${pkgs.ethtool}/bin/ethtool -K $IFACE rx-udp-gro-forwarding on rx-gro-list off
 fi
+ '';
+ };
+ };
+ };
+
+ services.caddy = {
+ enable = true;
+ globalConfig = ''
+ auto_https disable_redirects
+ pki {
+ ca home {
+ name "Home CA"
+ }
+ }
+ '';
+ virtualHosts = {
+ "nanopi.${domain}" = {
+ serverAliases = [ "nanopi.${ts_domain}" ];
+ extraConfig = ''
+ tls {
+ issuer internal {
+ ca home
+ }
+ }
+ root /var/lib/caddy/ca
+ file_server browse
+ '';
+ };
+ "ca.${domain}" = {
+ extraConfig = ''
+ tls {
+ issuer internal {
+ ca home
+ }
+ }
+ acme_server {
+ allow {
+ domains *.test *.${domain}
+ }
+ }
 '';
 };
 };
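Review bot: Neither virtual host restricts where Caddy listens, so the `acme_server` on `ca.${domain}` and the `file_server browse` listing on `nanopi.${domain}` are offered on every interface of this host, which appears to include `wan0`, unless a firewall rule outside this hunk blocks the HTTP/HTTPS ports. The `interface-name` entry added in the first hunk only controls how the name resolves, not which addresses accept connections. Consider adding a `bind <lan-address>` line (placeholder, plus whatever address the `ts_domain` alias needs) to each `extraConfig`, so that only internal clients can request certificates from the "Home CA". Separately, `file_server browse` lists everything under `/var/lib/caddy/ca`, and how that directory is populated is not visible here. It is worth confirming that it only ever holds the public root certificate and never the CA's key files, or dropping `browse` and serving the one file explicitly.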