From aaf13ed811404b1455bf9cd0551957fcdc58e587 Mon Sep 17 00:00:00 2001
From: Alan Pearce
Date: Thu, 27 Jun 2024 01:21:32 +0200
Subject: dev: allow website to use acme to provision own cert

---
 system/settings/dev.nix | 32 +++++++++++++++++++++++++-------
 1 file changed, 25 insertions(+), 7 deletions(-)

(limited to 'system')

diff --git a/system/settings/dev.nix b/system/settings/dev.nix
index e975c214..8d246c15 100644
--- a/system/settings/dev.nix
+++ b/system/settings/dev.nix
@@ -1,7 +1,13 @@
 { config
+, lib
 , pkgs
 , ...
 }: {
+  networking = lib.mkIf pkgs.stdenv.isLinux {
+    hosts = {
+      "127.0.0.80" = [ "alanpearce.test" ];
+    };
+  };
   services.caddy = {
     enable = true;
     virtualHosts = {
@@ -12,17 +18,29 @@
               ca local
             }
           }
-          acme_server
+          acme_server {
+            allow {
+              domains *.test
+            }
+          }
         '';
       };
-      "alanpearce.localhost" = {
+      "alanpearce.test" = {
+        serverAliases = [ "alanpearce.localhost" ];
         extraConfig = ''
-          reverse_proxy h2c://alanpearce.localhost:3000 {
-              transport http {
-                dial_timeout 1s
-                compression off
-              }
+          tls {
+            issuer internal {
+              ca local
             }
+          }
+          reverse_proxy http://alanpearce.test:3000 {
+            header_up Host alanpearce.test
+            transport http {
+              dial_timeout 1s
+              compression off
+            }
+          }
+          redir / https://alanpearce.test:8443 302
         '';
       };
       "searchix.localhost" = {
-- 
cgit 1.4.1