From 91dcf6ef11bbcf1ecaf5666064657694860b163f Mon Sep 17 00:00:00 2001
From: Alan Pearce
Date: Thu, 27 Jun 2024 11:50:47 +0200
Subject: nanopi: enable local CA

---
 system/nanopi.nix | 41 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 41 insertions(+)

diff --git a/system/nanopi.nix b/system/nanopi.nix
index b0253554..3c49ec8f 100755
--- a/system/nanopi.nix
+++ b/system/nanopi.nix
@@ -506,6 +506,7 @@ in
       localise-queries = true;
       interface-name = [
         "nanopi.${domain},bridge0"
+        "ca.${domain},bridge0"
         "wan.${domain},wan0"
         "wlan.${domain},wlan0"
       ];
@@ -607,6 +608,46 @@ in
     };
   };
 
+  services.caddy = {
+    enable = true;
+    globalConfig = ''
+      auto_https disable_redirects
+      pki {
+        ca home {
+          name "Home CA"
+        }
+      }
+    '';
+    virtualHosts = {
+      "nanopi.${domain}" = {
+        serverAliases = [ "nanopi.${ts_domain}" ];
+        extraConfig = ''
+          tls {
+            issuer internal {
+              ca home
+            }
+          }
+          root /var/lib/caddy/ca
+          file_server browse
+        '';
+      };
+      "ca.${domain}" = {
+        extraConfig = ''
+          tls {
+            issuer internal {
+              ca home
+            }
+          }
+          acme_server {
+            allow {
+              domains *.test *.${domain}
+            }
+          }
+        '';
+      };
+    };
+  };
+
   system.stateVersion = "23.05";
 
   programs.fish = {
-- 
cgit 1.4.1