all repos — nixfiles @ aaf13ed811404b1455bf9cd0551957fcdc58e587

System and user configuration, managed by nix and home-manager

dev: allow website to use acme to provision own cert
Alan Pearce alan@alanpearce.eu
Thu, 27 Jun 2024 01:21:32 +0200
commit

aaf13ed811404b1455bf9cd0551957fcdc58e587

parent

a8b679b21cfe5c2812f618022d7d0254e112c8bf

1 files changed, 25 insertions(+), 7 deletions(-)

jump to
M system/settings/dev.nixsystem/settings/dev.nix
@@ -1,7 +1,13 @@ { config
+, lib
 , pkgs
 , ...
 }: {
+  networking = lib.mkIf pkgs.stdenv.isLinux {
+    hosts = {
+      "127.0.0.80" = [ "alanpearce.test" ];
+    };
+  };
   services.caddy = {
     enable = true;
     virtualHosts = {
@@ -12,17 +18,29 @@ issuer internal {               ca local
             }
           }
-          acme_server
+          acme_server {
+            allow {
+              domains *.test
+            }
+          }
         '';
       };
-      "alanpearce.localhost" = {
+      "alanpearce.test" = {
+        serverAliases = [ "alanpearce.localhost" ];
         extraConfig = ''
-          reverse_proxy h2c://alanpearce.localhost:3000 {
-              transport http {
-                dial_timeout 1s
-                compression off
-              }
+          tls {
+            issuer internal {
+              ca local
             }
+          }
+          reverse_proxy http://alanpearce.test:3000 {
+            header_up Host alanpearce.test
+            transport http {
+              dial_timeout 1s
+              compression off
+            }
+          }
+          redir / https://alanpearce.test:8443 302
         '';
       };
       "searchix.localhost" = {