summary refs log tree commit diff stats
path: root/system
diff options
context:
space:
mode:
Diffstat (limited to 'system')
-rw-r--r--system/prefect.nix19
-rw-r--r--system/settings/dev.nix92
2 files changed, 67 insertions, 44 deletions
diff --git a/system/prefect.nix b/system/prefect.nix
index abee00fd..980e35ff 100644
--- a/system/prefect.nix
+++ b/system/prefect.nix
@@ -179,6 +179,25 @@
 
   system.stateVersion = "23.05";
 
+  security.pki.certificates = [
+    ''
+      -----BEGIN CERTIFICATE-----
+      MIIBozCCAUqgAwIBAgIRAJ1slNK3lsucmYYUbtGRUvswCgYIKoZIzj0EAwIwMDEu
+      MCwGA1UEAxMlQ2FkZHkgTG9jYWwgQXV0aG9yaXR5IC0gMjAyNCBFQ0MgUm9vdDAe
+      Fw0yNDA2MjYxNTM3MTJaFw0zNDA1MDUxNTM3MTJaMDAxLjAsBgNVBAMTJUNhZGR5
+      IExvY2FsIEF1dGhvcml0eSAtIDIwMjQgRUNDIFJvb3QwWTATBgcqhkjOPQIBBggq
+      hkjOPQMBBwNCAAR1fc1TOhp9oNy/p40BfUd+E13b1/URwwocuZ5w0SKHTE/t8Hp+
+      7Zd9ZTYvQ7WxFfaVxmBCcFMUJsTm7bbYTEvlo0UwQzAOBgNVHQ8BAf8EBAMCAQYw
+      EgYDVR0TAQH/BAgwBgEB/wIBATAdBgNVHQ4EFgQUcnlbpAM2ZCRsiCzdFiM5EjCm
+      aoEwCgYIKoZIzj0EAwIDRwAwRAIgcKf3vRiF87G0r2+vgBbyfWo4D2TDQWkSrfek
+      Q0f1Q5UCIEmyeqrifbp5JnZqtm3IlGVIEQcUeVygqnV/xW3xCAgT
+      -----END CERTIFICATE-----
+    ''
+  ];
+  networking.hosts = {
+    "127.0.0.80" = [ "alanpearce.test" "alanpearce.localhost" ];
+  };
+
   boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
   nix.settings.trusted-users = [ "root" "nixremote" ];
   services.displayManager.hiddenUsers = [ "nixremote" ];
diff --git a/system/settings/dev.nix b/system/settings/dev.nix
index 8d246c15..7d2e6193 100644
--- a/system/settings/dev.nix
+++ b/system/settings/dev.nix
@@ -1,58 +1,62 @@
-{ config
-, lib
-, pkgs
-, ...
-}: {
-  networking = lib.mkIf pkgs.stdenv.isLinux {
-    hosts = {
-      "127.0.0.80" = [ "alanpearce.test" ];
-    };
-  };
+{ ... }: {
   services.caddy = {
     enable = true;
-    virtualHosts = {
-      "localhost" = {
-        extraConfig = ''
+    globalConfig = ''
+      auto_https disable_redirects
+    '';
+    virtualHosts =
+      let
+        local_tls = ''
           tls {
             issuer internal {
               ca local
             }
           }
-          acme_server {
-            allow {
-              domains *.test
-            }
-          }
         '';
-      };
-      "alanpearce.test" = {
-        serverAliases = [ "alanpearce.localhost" ];
-        extraConfig = ''
-          tls {
-            issuer internal {
-              ca local
+      in
+      {
+        "localhost" = {
+          logFormat = "output discard";
+          extraConfig = ''
+            ${local_tls}
+            acme_server {
+              allow {
+                domains *.test *.localhost
+              }
             }
-          }
-          reverse_proxy http://alanpearce.test:3000 {
-            header_up Host alanpearce.test
-            transport http {
-              dial_timeout 1s
-              compression off
+          '';
+        };
+        # need to test forwarding behaviour
+        "https://alanpearce.localhost" = {
+          logFormat = "output discard";
+          serverAliases = [
+            "http://alanpearce.localhost"
+
+            # remember to update /etc/hosts
+            "https://alanpearce.test"
+            "http://alanpearce.test"
+          ];
+          extraConfig = ''
+            ${local_tls}
+            reverse_proxy http://alanpearce.test:8080 {
+              transport http {
+                dial_timeout 1s
+                compression off
+              }
             }
-          }
-          redir / https://alanpearce.test:8443 302
-        '';
-      };
-      "searchix.localhost" = {
-        extraConfig = ''
-          reverse_proxy http://localhost:7331 {
-            transport http {
-              dial_timeout 1s
-              compression off
+          '';
+        };
+        "searchix.localhost" = {
+          logFormat = "output discard";
+          extraConfig = ''
+            reverse_proxy http://localhost:7331 {
+              transport http {
+                dial_timeout 1s
+                compression off
+              }
             }
-          }
-        '';
+          '';
+        };
       };
-    };
   };
 }