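{ pkgs, lib, config, ... }:

# NixOS module for local web development. It installs a `custom-generate-certs`
# command that runs mkcert once per httpd virtual host, and it adds the mkcert
# root CA from the same folder to the system trust store.
let
  cfg = config.custom.web-development;

  # Single source of truth for the certificate folder. The generator script and
  # the trust-store entry below must use the same directory, otherwise the
  # machine ends up trusting a different root CA than the one that signed the
  # virtual-host certificates. A trailing slash is dropped so the paths built
  # from it are well-formed whether or not the option value ends in "/".
  certFolder = lib.removeSuffix "/" (toString cfg.certFolder);
  rootCaFile = "${certFolder}/rootCA.pem";

  # Virtual-host names rendered as shell words. lib.escapeShellArgs does the
  # quoting, so a name containing quotes, `$` or backticks stays a literal
  # array element instead of being expanded by the shell.
  domains = lib.escapeShellArgs (
    builtins.attrNames config.services.httpd.virtualHosts
  );

  # SECURITY: CAROOT is the directory where mkcert keeps its root CA, and it
  # creates one there on first use. Because CAROOT is the certificate folder
  # itself, rootCA-key.pem sits next to the leaf certificates. That key can
  # sign a certificate for any host name, and this module makes the matching
  # rootCA.pem trusted system-wide, so access to the folder should be limited
  # to the account that runs this command (plus read access for httpd to the
  # leaf certificate and key files it serves).
  custom-generate-certs = pkgs.writeShellApplication {
    name = "custom-generate-certs";

    runtimeInputs = [
      pkgs.mkcert
    ];

    text = ''
      mkdir -p ${lib.escapeShellArg certFolder}
      pushd ${lib.escapeShellArg certFolder}
      declare -a domains=(${domains})
      for domain in "''${domains[@]}"
      do
        CAROOT=${lib.escapeShellArg certFolder} mkcert "$domain"
      done
    '';
  };
in {
  options = {
    custom.web-development = {
      certFolder = lib.mkOption {
        type = lib.types.path;
        # rootPath is not declared in this file; it is expected to come from
        # another module under custom.web-development.
        default = "${config.custom.web-development.rootPath}/own/mkcert/";
        description = "Folder holding the mkcert root CA and the certificates generated for the httpd virtual hosts.";
      };
    };
  };

  config = {
    # TODO: Run once before httpd service starts?
    environment.systemPackages = [
      custom-generate-certs
    ];

    # Trust the local mkcert root CA system-wide. The file is read at
    # evaluation time from outside the Nix store, so it only exists after
    # `custom-generate-certs` has been run once. Until then the entry is
    # skipped with a warning instead of aborting the build, which replaces the
    # earlier manual "disable, generate, re-enable" procedure.
    # NOTE(review): reading an absolute path at evaluation time presumably
    # requires impure evaluation - confirm for flake-based setups.
    security.pki.certificates =
      if builtins.pathExists rootCaFile
      then [ (builtins.readFile rootCaFile) ]
      else
        lib.warn
          "custom.web-development: ${rootCaFile} not found; run custom-generate-certs and rebuild to trust the local root CA"
          [ ];
  };
}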