Diffstat (limited to 'system/nanopi.nix')
-rwxr-xr-x | system/nanopi.nix | 47 |
1 files changed, 40 insertions, 7 deletions
diff --git a/system/nanopi.nix b/system/nanopi.nix index 5083f9e7..1e7411fa 100755 --- a/system/nanopi.nix +++ b/system/nanopi.nix @@ -504,11 +504,9 @@ in "/ts.net/tailscale" ]; localise-queries = true; - cname = [ - "ha,home-assistant" - ]; interface-name = [ "nanopi.${domain},bridge0" + "ca.${domain},bridge0" "wan.${domain},wan0" "wlan.${domain},wlan0" ]; @@ -525,10 +523,6 @@ in # ]; bind-interfaces = true; - # if this is false, a remote query for nanopi returns 127.0.0.2, because that's in /etc/hosts - no-hosts = false; - expand-hosts = true; - dnssec = true; trust-anchor = ".,20326,8,2,E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D"; @@ -610,6 +604,45 @@ in }; }; + services.caddy = { + enable = true; + globalConfig = '' + pki { + ca home { + name "Home CA" + } + } + ''; + virtualHosts = { + "nanopi.${domain}" = { + serverAliases = [ "nanopi.${ts_domain}" ]; + extraConfig = '' + tls { + issuer internal { + ca home + } + } + root /var/lib/caddy/ca + file_server browse + ''; + }; + "ca.${domain}" = { + extraConfig = '' + tls { + issuer internal { + ca home + } + } + acme_server { + allow { + domains *.test *.${domain} + } + } + ''; + }; + }; + }; + system.stateVersion = "23.05"; programs.fish = { |
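Review bot: The added `"ca.${domain},bridge0"` entry only decides which address the name resolves to; it does not limit where the ACME endpoint can be reached. The `ca.${domain}` virtual host added further down in this commit has no `bind`, so Caddy presumably accepts connections on wan0 and wlan0 as well, unless a firewall rule outside this diff prevents it. A short comment here would make the intent explicit, e.g. `# DNS only: access to the CA is restricted by <firewall rule or bind>, not by this entry`. The enclosing dnsmasq settings block starts and ends outside the hunk.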
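Review bot: The `acme_server` block under `"ca.${domain}"` does not name a CA, so by Caddy's default it signs with the built-in `local` authority rather than the `home` CA declared in `globalConfig`; adding `ca home` inside `acme_server { … }` keeps ACME-issued certificates under the root that clients are asked to trust. On the `nanopi.${domain}` site, `root /var/lib/caddy/ca` with `file_server browse` publishes a listing of a directory under /var/lib/caddy, and nothing visible here shows what populates it. If that directory ever holds or links to the authority's key files they become downloadable, so consider plain `file_server` serving only the root certificate. Because that site's own certificate is issued by the same CA, a first-time client cannot authenticate the download, and the root's fingerprint should be verified out of band before it is installed.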