summary refs log tree commit diff stats
path: root/system
diff options
context:
space:
mode:
authorAlan Pearce2024-06-27 01:21:32 +0200
committerAlan Pearce2024-06-27 01:21:32 +0200
commitaaf13ed811404b1455bf9cd0551957fcdc58e587 (patch)
treef2eb542eb283acc1ce335480a28164ee1d570a82 /system
parenta8b679b21cfe5c2812f618022d7d0254e112c8bf (diff)
downloadnixfiles-aaf13ed811404b1455bf9cd0551957fcdc58e587.tar.lz
nixfiles-aaf13ed811404b1455bf9cd0551957fcdc58e587.tar.zst
nixfiles-aaf13ed811404b1455bf9cd0551957fcdc58e587.zip
dev: allow website to use acme to provision own cert
Diffstat (limited to 'system')
-rw-r--r--system/settings/dev.nix32
1 files changed, 25 insertions, 7 deletions
diff --git a/system/settings/dev.nix b/system/settings/dev.nix
index e975c214..8d246c15 100644
--- a/system/settings/dev.nix
+++ b/system/settings/dev.nix
@@ -1,7 +1,13 @@
 { config
+, lib
 , pkgs
 , ...
 }: {
+  networking = lib.mkIf pkgs.stdenv.isLinux {
+    hosts = {
+      "127.0.0.80" = [ "alanpearce.test" ];
+    };
+  };
   services.caddy = {
     enable = true;
     virtualHosts = {
@@ -12,17 +18,29 @@
               ca local
             }
           }
-          acme_server
+          acme_server {
+            allow {
+              domains *.test
+            }
+          }
         '';
       };
-      "alanpearce.localhost" = {
+      "alanpearce.test" = {
+        serverAliases = [ "alanpearce.localhost" ];
         extraConfig = ''
-          reverse_proxy h2c://alanpearce.localhost:3000 {
-              transport http {
-                dial_timeout 1s
-                compression off
-              }
+          tls {
+            issuer internal {
+              ca local
             }
+          }
+          reverse_proxy http://alanpearce.test:3000 {
+            header_up Host alanpearce.test
+            transport http {
+              dial_timeout 1s
+              compression off
+            }
+          }
+          redir / https://alanpearce.test:8443 302
         '';
       };
       "searchix.localhost" = {