Auto generate certificates for local web development
parent
1c5e9ac4ad
commit
e895f5a40f
|
@ -32,7 +32,6 @@
|
|||
litecli
|
||||
sqlite
|
||||
mycli
|
||||
mkcert # TODO: Create own wrapper script to create new certs
|
||||
tig
|
||||
universal-ctags
|
||||
ripgrep
|
||||
|
|
|
@ -6,31 +6,12 @@
|
|||
}:
|
||||
|
||||
let
|
||||
certFolder = "/var/projects/own/mkcert";
|
||||
|
||||
domains = builtins.concatStringsSep " " (
|
||||
map (domain: "\"${domain}\"") (
|
||||
builtins.attrNames config.services.httpd.virtualHosts
|
||||
)
|
||||
);
|
||||
|
||||
custom-generate-certs = pkgs.writeShellApplication {
|
||||
name = "custom-generate-certs";
|
||||
|
||||
runtimeInputs = [
|
||||
pkgs.mkcert
|
||||
];
|
||||
|
||||
text = ''
|
||||
mkdir -p ${certFolder}
|
||||
pushd ${certFolder}
|
||||
declare -a domains=(${domains})
|
||||
for domain in "''${domains[@]}"
|
||||
do
|
||||
CAROOT="${certFolder}" mkcert "$domain"
|
||||
done
|
||||
'';
|
||||
};
|
||||
in {
|
||||
options = {
|
||||
custom.web-development = {
|
||||
|
@ -43,16 +24,24 @@ in {
|
|||
|
||||
config = {
|
||||
|
||||
# TODO: Run once before httpd service starts?
|
||||
environment.systemPackages = [
|
||||
custom-generate-certs
|
||||
];
|
||||
|
||||
# NOTE: Disable until root certificate is generated, then add again
|
||||
# Maybe check for file existense and throw proper error message?
|
||||
security.pki.certificates = [
|
||||
(builtins.readFile "${config.custom.web-development.certFolder}rootCA.pem")
|
||||
];
|
||||
|
||||
system.activationScripts.createWebDevelopmentCerts = {
|
||||
text = ''
|
||||
mkdir -p ${config.custom.web-development.certFolder}
|
||||
pushd ${config.custom.web-development.certFolder}
|
||||
declare -a domains=(${domains})
|
||||
for domain in "''${domains[@]}"
|
||||
do
|
||||
CAROOT="${config.custom.web-development.certFolder}" ${pkgs.mkcert}/bin/mkcert "$domain" 2> /dev/null
|
||||
done
|
||||
chown ${config.services.httpd.user}:${config.services.httpd.group} ${config.custom.web-development.certFolder}/*
|
||||
'';
|
||||
};
|
||||
|
||||
};
|
||||
}
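Review bot: The `chown ${config.services.httpd.user}:${config.services.httpd.group} ${config.custom.web-development.certFolder}/*` that closes the activation script also hands the CA private key to the web server account, because `CAROOT` is that same folder and mkcert keeps `rootCA-key.pem` next to `rootCA.pem` there (the page lost its +/- markers, so I am assuming this script is the added side). With `security.pki.certificates` making that root trusted system-wide, anything running as the httpd user could sign certificates this machine accepts for any host name. Keep the key root-only, for example by following the chown with `chown root:root ${config.custom.web-development.certFolder}/rootCA-key.pem` and a `chmod 600` on the same file, or by pointing `CAROOT` at a separate root-owned directory. Separately, the `readFile` path joins `certFolder` and `rootCA.pem` without a `/` while the chown line adds one, so one of the two looks wrong unless the option default, which is declared outside the visible hunks, ends in a slash. The `2> /dev/null` on the mkcert call also hides the very error that would explain a missing `rootCA.pem`.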
|
||||
|
|