From 9753346efc025e8f6500adbc483e1c1339eea166 Mon Sep 17 00:00:00 2001 From: Alan Pearce Date: Thu, 27 Jun 2024 11:23:00 +0200 Subject: dev: enable testing acme clients and forwarding behaviour --- system/prefect.nix | 19 ++++++++++ system/settings/dev.nix | 92 ++++++++++++++++++++++++++----------------------- 2 files changed, 67 insertions(+), 44 deletions(-) (limited to 'system') diff --git a/system/prefect.nix b/system/prefect.nix index abee00fd..980e35ff 100644 --- a/system/prefect.nix +++ b/system/prefect.nix @@ -179,6 +179,25 @@ system.stateVersion = "23.05"; + security.pki.certificates = [ + '' + -----BEGIN CERTIFICATE----- + MIIBozCCAUqgAwIBAgIRAJ1slNK3lsucmYYUbtGRUvswCgYIKoZIzj0EAwIwMDEu + MCwGA1UEAxMlQ2FkZHkgTG9jYWwgQXV0aG9yaXR5IC0gMjAyNCBFQ0MgUm9vdDAe + Fw0yNDA2MjYxNTM3MTJaFw0zNDA1MDUxNTM3MTJaMDAxLjAsBgNVBAMTJUNhZGR5 + IExvY2FsIEF1dGhvcml0eSAtIDIwMjQgRUNDIFJvb3QwWTATBgcqhkjOPQIBBggq + hkjOPQMBBwNCAAR1fc1TOhp9oNy/p40BfUd+E13b1/URwwocuZ5w0SKHTE/t8Hp+ + 7Zd9ZTYvQ7WxFfaVxmBCcFMUJsTm7bbYTEvlo0UwQzAOBgNVHQ8BAf8EBAMCAQYw + EgYDVR0TAQH/BAgwBgEB/wIBATAdBgNVHQ4EFgQUcnlbpAM2ZCRsiCzdFiM5EjCm + aoEwCgYIKoZIzj0EAwIDRwAwRAIgcKf3vRiF87G0r2+vgBbyfWo4D2TDQWkSrfek + Q0f1Q5UCIEmyeqrifbp5JnZqtm3IlGVIEQcUeVygqnV/xW3xCAgT + -----END CERTIFICATE----- + '' + ]; + networking.hosts = { + "127.0.0.80" = [ "alanpearce.test" "alanpearce.localhost" ]; + }; + boot.binfmt.emulatedSystems = [ "aarch64-linux" ]; nix.settings.trusted-users = [ "root" "nixremote" ]; services.displayManager.hiddenUsers = [ "nixremote" ]; diff --git a/system/settings/dev.nix b/system/settings/dev.nix index 8d246c15..7d2e6193 100644 --- a/system/settings/dev.nix +++ b/system/settings/dev.nix 
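Review bot: The root added to `security.pki.certificates` in system/prefect.nix is trusted system-wide for every hostname, and nothing in the hunk records where it came from or where its private key lives. Decoding the embedded certificate shows subject "Caddy Local Authority - 2024 ECC Root", CA:TRUE, no name constraints, and an expiry in 2034, so anyone who can read Caddy's local CA key on this machine can issue certificates this host accepts for any domain. I would add a comment above the list, for example `# Caddy internal CA root generated on this host (dev only); the key stays in Caddy's data dir, so replace this cert if the key is ever copied or regenerated`. Also consider whether passing the root only to the ACME clients under test would be enough, instead of trusting it in the global store. The attribute set enclosing these lines starts and ends outside the hunk.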
@@ -1,58 +1,62 @@ -{ config -, lib -, pkgs -, ... -}: { - networking = lib.mkIf pkgs.stdenv.isLinux { - hosts = { - "127.0.0.80" = [ "alanpearce.test" ]; - }; - }; +{ ... }: { services.caddy = { enable = true; - virtualHosts = { - "localhost" = { - extraConfig = '' + globalConfig = '' + auto_https disable_redirects + ''; + virtualHosts = + let + local_tls = '' tls { issuer internal { ca local } } - acme_server { - allow { - domains *.test - } - } ''; - }; - "alanpearce.test" = { - serverAliases = [ "alanpearce.localhost" ]; - extraConfig = '' - tls { - issuer internal { - ca local + in + { + "localhost" = { + logFormat = "output discard"; + extraConfig = '' + ${local_tls} + acme_server { + allow { + domains *.test *.localhost + } } - } - reverse_proxy http://alanpearce.test:3000 { - header_up Host alanpearce.test - transport http { - dial_timeout 1s - compression off + ''; + }; + # need to test forwarding behaviour + "https://alanpearce.localhost" = { + logFormat = "output discard"; + serverAliases = [ + "http://alanpearce.localhost" + + # remember to update /etc/hosts + "https://alanpearce.test" + "http://alanpearce.test" + ]; + extraConfig = '' + ${local_tls} + reverse_proxy http://alanpearce.test:8080 { + transport http { + dial_timeout 1s + compression off + } } - } - redir / https://alanpearce.test:8443 302 - ''; - }; - "searchix.localhost" = { - extraConfig = '' - reverse_proxy http://localhost:7331 { - transport http { - dial_timeout 1s - compression off + ''; + }; + "searchix.localhost" = { + logFormat = "output discard"; + extraConfig = '' + reverse_proxy http://localhost:7331 { + transport http { + dial_timeout 1s + compression off + } } - } - ''; + ''; + }; }; - }; }; } -- cgit 1.4.1
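Review bot: The `acme_server` block under `"localhost"` now signs for `*.test *.localhost`, but the site has no `bind`, so Caddy's default of listening on all interfaces applies to the issuing endpoint. The signing CA is the same local one the other file adds to the system trust store. Whether other machines can reach the port depends on firewall settings not shown here. I would add `bind 127.0.0.1 [::1]` to that site's `extraConfig` so the endpoint is loopback-only regardless. The new `logFormat = "output discard";` on the same site also drops the access log, which is the only request-level record of who talked to the ACME endpoint; keeping the default log on `"localhost"` and discarding only on the proxy sites would preserve it.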