diff options
author | Alan Pearce | 2024-06-27 11:50:47 +0200 |
---|---|---|
committer | Alan Pearce | 2024-06-27 11:50:47 +0200 |
commit | 91dcf6ef11bbcf1ecaf5666064657694860b163f (patch) | |
tree | 9275850745bbc00a139a88a81e838566305fb6b0 | |
parent | 47f590d853a959145ef7b860857740d11c0853b3 (diff) | |
download | nixfiles-91dcf6ef11bbcf1ecaf5666064657694860b163f.tar.lz nixfiles-91dcf6ef11bbcf1ecaf5666064657694860b163f.tar.zst nixfiles-91dcf6ef11bbcf1ecaf5666064657694860b163f.zip |
nanopi: enable local CA
-rwxr-xr-x | system/nanopi.nix | 41 |
1 files changed, 41 insertions, 0 deletions
diff --git a/system/nanopi.nix b/system/nanopi.nix index b0253554..3c49ec8f 100755 --- a/system/nanopi.nix +++ b/system/nanopi.nix @@ -506,6 +506,7 @@ in localise-queries = true; interface-name = [ "nanopi.${domain},bridge0" + "ca.${domain},bridge0" "wan.${domain},wan0" "wlan.${domain},wlan0" ]; @@ -607,6 +608,46 @@ in }; }; + services.caddy = { + enable = true; + globalConfig = '' + auto_https disable_redirects + pki { + ca home { + name "Home CA" + } + } + ''; + virtualHosts = { + "nanopi.${domain}" = { + serverAliases = [ "nanopi.${ts_domain}" ]; + extraConfig = '' + tls { + issuer internal { + ca home + } + } + root /var/lib/caddy/ca + file_server browse + ''; + }; + "ca.${domain}" = { + extraConfig = '' + tls { + issuer internal { + ca home + } + } + acme_server { + allow { + domains *.test *.${domain} + } + } + ''; + }; + }; + }; + system.stateVersion = "23.05"; programs.fish = { |