Auto generate certificates for local web development

home/packages.nix

@@ -32,7 +32,6 @@
     litecli
     sqlite
     mycli
-    mkcert # TODO: Create own wrapper script to create new certs
     tig
     universal-ctags
     ripgrep

systems/web-development/mkcert.nix

@@ -6,31 +6,12 @@
 }:
 
 let
-  certFolder = "/var/projects/own/mkcert";
-
   domains = builtins.concatStringsSep " " (
     map (domain: "\"${domain}\"") (
       builtins.attrNames config.services.httpd.virtualHosts
     )
   );
 
-  custom-generate-certs = pkgs.writeShellApplication {
-    name = "custom-generate-certs";
-
-    runtimeInputs = [
-      pkgs.mkcert
-    ];
-
-    text = ''
-      mkdir -p ${certFolder}
-      pushd ${certFolder}
-      declare -a domains=(${domains})
-      for domain in "''${domains[@]}"
-      do
-        CAROOT="${certFolder}" mkcert "$domain"
-      done
-    '';
-  };
 in {
   options = {
     custom.web-development = {
@@ -43,16 +24,24 @@ in {
 
   config = {
 
-    # TODO: Run once before httpd service starts?
-    environment.systemPackages = [
-      custom-generate-certs
-    ];
-
     # NOTE: Disable until root certificate is generated, then add again
     # Maybe check for file existense and throw proper error message?
     security.pki.certificates = [
       (builtins.readFile "${config.custom.web-development.certFolder}rootCA.pem")
     ];
 
+    system.activationScripts.createWebDevelopmentCerts = {
+      text = ''
+        mkdir -p ${config.custom.web-development.certFolder}
+        pushd ${config.custom.web-development.certFolder}
+        declare -a domains=(${domains})
+        for domain in "''${domains[@]}"
+        do
+          CAROOT="${config.custom.web-development.certFolder}" ${pkgs.mkcert}/bin/mkcert "$domain" 2> /dev/null
+        done
+        chown ${config.services.httpd.user}:${config.services.httpd.group} ${config.custom.web-development.certFolder}/*
+      '';
+    };
+
   };
 }