nanopi: enable local CA
Alan Pearce alan@alanpearce.eu
Thu, 27 Jun 2024 11:50:47 +0200
1 files changed, 41 insertions(+), 0 deletions(-)
M system/nanopi.nix → system/nanopi.nix
@@ -506,6 +506,7 @@ ];
 localise-queries = true;
 interface-name = [
 "nanopi.${domain},bridge0"
+ "ca.${domain},bridge0"
 "wan.${domain},wan0"
 "wlan.${domain},wlan0"
 ];
@@ -602,6 +603,46 @@ if [[ $IFACE == "wan0" && $OperationalState == "routable" ]]
 then
 ${pkgs.ethtool}/bin/ethtool -K $IFACE rx-udp-gro-forwarding on rx-gro-list off
 fi
+ '';
+ };
+ };
+ };
+
+ services.caddy = {
+ enable = true;
+ globalConfig = ''
+ auto_https disable_redirects
+ pki {
+ ca home {
+ name "Home CA"
+ }
+ }
+ '';
+ virtualHosts = {
+ "nanopi.${domain}" = {
+ serverAliases = [ "nanopi.${ts_domain}" ];
+ extraConfig = ''
+ tls {
+ issuer internal {
+ ca home
+ }
+ }
+ root /var/lib/caddy/ca
+ file_server browse
+ '';
+ };
+ "ca.${domain}" = {
+ extraConfig = ''
+ tls {
+ issuer internal {
+ ca home
+ }
+ }
+ acme_server {
+ allow {
+ domains *.test *.${domain}
+ }
+ }
 '';
 };
 };
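Review bot: The `acme_server` block in the `ca.${domain}` host does not name a CA, and Caddy's `acme_server` signs with its default `local` authority unless told otherwise. Certificates issued over ACME would therefore chain to a different root than the "Home CA" used by the two `tls { issuer internal { ca home } }` blocks; adding `ca home` inside `acme_server { … }` keeps issuance under the one root that clients are asked to trust. Neither virtual host has a `bind` line, so Caddy listens on every interface of what appears to be the router, including `wan0`. Unless the firewall (not visible in this hunk) already blocks 80/443 from the WAN, binding both hosts to the `bridge0` address would keep the issuance endpoint and the directory listing internal. `file_server browse` lists everything under `/var/lib/caddy/ca`, so a comment above `root` such as `# public root certificate only; never place key material here` would record the intent; the `services.caddy` attribute set closes outside the hunk.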