Diffstat (limited to 'system/nanopi.nix')
-rwxr-xr-x | system/nanopi.nix | 50 |
1 files changed, 42 insertions, 8 deletions
diff --git a/system/nanopi.nix b/system/nanopi.nix index 6ee61e69..1e7411fa 100755 --- a/system/nanopi.nix +++ b/system/nanopi.nix @@ -504,11 +504,9 @@ in "/ts.net/tailscale" ]; localise-queries = true; - cname = [ - "ha,home-assistant" - ]; interface-name = [ "nanopi.${domain},bridge0" + "ca.${domain},bridge0" "wan.${domain},wan0" "wlan.${domain},wlan0" ]; @@ -525,10 +523,6 @@ in # ]; bind-interfaces = true; - # if this is false, a remote query for nanopi returns 127.0.0.2, because that's in /etc/hosts - no-hosts = false; - expand-hosts = true; - dnssec = true; trust-anchor = ".,20326,8,2,E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D"; @@ -538,7 +532,8 @@ in dhcp-rapid-commit = true; dhcp-range = [ "10.0.1.0,10.0.1.250,12h" - "::,constructor:bridge0,ra-stateless,ra-names,48h" + "fd12:d04f:65d:42::,slaac,ra-names,48h" + "::,constructor:bridge0,ra-stateless,48h" ]; dhcp-host = [ "00:a0:de:b3:0c:01,10.0.0.50,wxa-50" @@ -609,6 +604,45 @@ in }; }; + services.caddy = { + enable = true; + globalConfig = '' + pki { + ca home { + name "Home CA" + } + } + ''; + virtualHosts = { + "nanopi.${domain}" = { + serverAliases = [ "nanopi.${ts_domain}" ]; + extraConfig = '' + tls { + issuer internal { + ca home + } + } + root /var/lib/caddy/ca + file_server browse + ''; + }; + "ca.${domain}" = { + extraConfig = '' + tls { + issuer internal { + ca home + } + } + acme_server { + allow { + domains *.test *.${domain} + } + } + ''; + }; + }; + }; + system.stateVersion = "23.05"; programs.fish = { |
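Review bot: The new `"fd12:d04f:65d:42::,slaac,ra-names,48h"` entry in `dhcp-range` has no `constructor:`, so dnsmasq has to match it to an interface by address. Nothing in this hunk shows bridge0 being given an address inside that /64, so please confirm it is assigned elsewhere in the file, otherwise the range is never used. The prefix is also an unexplained literal; a comment such as `# ULA on bridge0; ra-names adds AAAA records derived from DHCPv4 lease names` would record why `ra-names` moved off the constructor range. For hosts without a `dhcp-host` entry those names are supplied by the client, so they are best treated as untrusted wherever certificates or access rules key on `*.${domain}`.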
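Review bot: The `acme_server` block under `"ca.${domain}"` names no CA, and Caddy's ACME server signs with its default `local` authority unless told otherwise, so clients would get certificates from a different root than the `home` CA declared in `globalConfig` and used by both `tls` blocks; adding `ca home` inside `acme_server { … }` keeps a single trust root. Separately, `root /var/lib/caddy/ca` with `file_server browse` lists and serves everything in a directory that appears to sit under Caddy's state path, and the hunk does not show what populates it. Serving only the root certificate (for example `hide *.key`, or dropping `browse`) would ensure a stray copy or symlink of the PKI storage can never expose a private key. Neither site sets `bind`, so unless a firewall rule not visible here blocks it, both the download page and the ACME endpoint would also listen on wan0.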