From 91dcf6ef11bbcf1ecaf5666064657694860b163f Mon Sep 17 00:00:00 2001
From: Alan Pearce
Date: Thu, 27 Jun 2024 11:50:47 +0200
Subject: nanopi: enable local CA
---
 system/nanopi.nix | 41 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 41 insertions(+)
diff --git a/system/nanopi.nix b/system/nanopi.nix
index b0253554..3c49ec8f 100755
--- a/system/nanopi.nix
+++ b/system/nanopi.nix
@@ -506,6 +506,7 @@ in
 localise-queries = true;
 interface-name = [
 "nanopi.${domain},bridge0"
+ "ca.${domain},bridge0"
 "wan.${domain},wan0"
 "wlan.${domain},wlan0"
 ];
@@ -607,6 +608,46 @@ in
 };
 };
+ services.caddy = {
+ enable = true;
+ globalConfig = ''
+ auto_https disable_redirects
+ pki {
+ ca home {
+ name "Home CA"
+ }
+ }
+ '';
+ virtualHosts = {
+ "nanopi.${domain}" = {
+ serverAliases = [ "nanopi.${ts_domain}" ];
+ extraConfig = ''
+ tls {
+ issuer internal {
+ ca home
+ }
+ }
+ root /var/lib/caddy/ca
+ file_server browse
+ '';
+ };
+ "ca.${domain}" = {
+ extraConfig = ''
+ tls {
+ issuer internal {
+ ca home
+ }
+ }
+ acme_server {
+ allow {
+ domains *.test *.${domain}
+ }
+ }
+ '';
+ };
+ };
+ };
+
 system.stateVersion = "23.05";
 programs.fish = {
-- 
cgit 1.4.1
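Review bot: The `acme_server` block under `"ca.${domain}"` does not name a CA, so by Caddy's documented default it signs with the `local` authority rather than the `home` CA declared in `globalConfig`; the `tls { issuer internal { ca home } }` above it only selects the certificate the site itself presents. Adding `ca home` inside `acme_server { … }` would make issued certificates chain to "Home CA". Neither virtual host restricts where it listens, and the first hunk shows this host also has a `wan0` interface, so unless a firewall rule outside this hunk closes 80/443 there, the ACME endpoint and the `file_server browse` listing are presumably reachable from the WAN side; a `bind <bridge0 address>` line in each `extraConfig` would keep them on the LAN. A comment next to `root /var/lib/caddy/ca` stating that the directory must hold only the public root certificate, never key material, would also help, since `browse` lists whatever is placed there and nothing in the hunk shows what populates it.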