First roughly version of mkcert for hikari
It works, but one needs to generate them first before using them … ugly.
This commit is contained in:
parent
32435cb94b
commit
6739dbf166
|
@ -4,6 +4,8 @@
|
|||
|
||||
{
|
||||
imports = [
|
||||
./web-development/mkcert.nix
|
||||
|
||||
./web-development/mailhog.localhost.nix
|
||||
|
||||
./web-development/daniel-siepmann.localhost.nix
|
||||
|
|
|
@ -9,10 +9,13 @@ let
|
|||
in {
|
||||
services = {
|
||||
httpd.virtualHosts.${domain} = {
|
||||
# TODO: Add SSL
|
||||
# forceSSL = true;
|
||||
# addSSL = true;
|
||||
|
||||
forceSSL = true;
|
||||
sslServerCert = "/var/projects/own/mkcert/${domain}.pem";
|
||||
sslServerKey = "/var/projects/own/mkcert/${domain}-key.pem";
|
||||
|
||||
inherit documentRoot;
|
||||
|
||||
extraConfig = ''
|
||||
<Directory ${documentRoot}>
|
||||
AllowOverride None
|
||||
|
|
|
@ -5,9 +5,11 @@ let
|
|||
in {
|
||||
services = {
|
||||
httpd.virtualHosts.${domain} = {
|
||||
# TODO: Add SSL
|
||||
# forceSSL = true;
|
||||
# addSSL = true;
|
||||
|
||||
forceSSL = true;
|
||||
sslServerCert = "/var/projects/own/mkcert/${domain}.pem";
|
||||
sslServerKey = "/var/projects/own/mkcert/${domain}-key.pem";
|
||||
|
||||
extraConfig = ''
|
||||
RequestHeader unset Authorization
|
||||
ProxyRequests Off
|
||||
|
|
29
systems/hikari/web-development/mkcert.nix
Normal file
29
systems/hikari/web-development/mkcert.nix
Normal file
|
@ -0,0 +1,29 @@
|
|||
{ pkgs, lib, config, ... }:
|
||||
|
||||
let
|
||||
custom-generate-certs = pkgs.writeShellApplication {
|
||||
name = "custom-generate-certs";
|
||||
|
||||
runtimeInputs = [
|
||||
pkgs.mkcert
|
||||
];
|
||||
|
||||
text = ''
|
||||
mkcert -install
|
||||
mkdir -p /var/projects/own/mkcert/
|
||||
pushd /var/projects/own/mkcert/
|
||||
# TODO: Grep from nix config
|
||||
mkcert daniel-siepmann.localhost
|
||||
mkcert mailhog.localhost
|
||||
'';
|
||||
};
|
||||
in {
|
||||
# TODO: Run once before httpd service starts?
|
||||
environment.systemPackages = [
|
||||
custom-generate-certs
|
||||
];
|
||||
|
||||
security.pki.certificateFiles = [
|
||||
/var/projects/own/mkcert/rootCA.pem
|
||||
];
|
||||
}
|
Loading…
Reference in a new issue