First roughly version of mkcert for hikari

It works, but one needs to generate them first before using them … ugly.

systems/hikari/web-development.nix

@@ -4,6 +4,8 @@
 
 {
   imports = [
+    ./web-development/mkcert.nix
+
     ./web-development/mailhog.localhost.nix
 
     ./web-development/daniel-siepmann.localhost.nix

systems/hikari/web-development/daniel-siepmann.localhost.nix

@@ -9,10 +9,13 @@ let
 in {
   services = {
     httpd.virtualHosts.${domain} = {
-      # TODO: Add SSL
-      # forceSSL = true;
-      # addSSL = true;
+
+      forceSSL = true;
+      sslServerCert = "/var/projects/own/mkcert/${domain}.pem";
+      sslServerKey = "/var/projects/own/mkcert/${domain}-key.pem";
+
       inherit documentRoot;
+
       extraConfig = ''
         <Directory ${documentRoot}>
             AllowOverride None

systems/hikari/web-development/mailhog.localhost.nix

@@ -5,9 +5,11 @@ let
 in {
   services = {
     httpd.virtualHosts.${domain} = {
-      # TODO: Add SSL
-      # forceSSL = true;
-      # addSSL = true;
+
+      forceSSL = true;
+      sslServerCert = "/var/projects/own/mkcert/${domain}.pem";
+      sslServerKey = "/var/projects/own/mkcert/${domain}-key.pem";
+
       extraConfig = ''
         RequestHeader unset Authorization
         ProxyRequests Off

systems/hikari/web-development/mkcert.nix

@@ -0,0 +1,29 @@
+{ pkgs, lib, config, ... }:
+
+let
+  custom-generate-certs = pkgs.writeShellApplication {
+    name = "custom-generate-certs";
+
+    runtimeInputs = [
+      pkgs.mkcert
+    ];
+
+    text = ''
+      mkcert -install
+      mkdir -p /var/projects/own/mkcert/
+      pushd /var/projects/own/mkcert/
+      # TODO: Grep from nix config
+      mkcert daniel-siepmann.localhost
+      mkcert mailhog.localhost
+    '';
+  };
+in {
+  # TODO: Run once before httpd service starts?
+  environment.systemPackages = [
+    custom-generate-certs
+  ];
+
+  security.pki.certificateFiles = [
+    /var/projects/own/mkcert/rootCA.pem
+  ];
+}