Auto generate certificates for local web development
parent
1c5e9ac4ad
commit
e895f5a40f
|
@ -32,7 +32,6 @@
|
||||||
litecli
|
litecli
|
||||||
sqlite
|
sqlite
|
||||||
mycli
|
mycli
|
||||||
mkcert # TODO: Create own wrapper script to create new certs
|
|
||||||
tig
|
tig
|
||||||
universal-ctags
|
universal-ctags
|
||||||
ripgrep
|
ripgrep
|
||||||
|
|
|
@ -6,31 +6,12 @@
|
||||||
}:
|
}:
|
||||||
|
|
||||||
let
|
let
|
||||||
certFolder = "/var/projects/own/mkcert";
|
|
||||||
|
|
||||||
domains = builtins.concatStringsSep " " (
|
domains = builtins.concatStringsSep " " (
|
||||||
map (domain: "\"${domain}\"") (
|
map (domain: "\"${domain}\"") (
|
||||||
builtins.attrNames config.services.httpd.virtualHosts
|
builtins.attrNames config.services.httpd.virtualHosts
|
||||||
)
|
)
|
||||||
);
|
);
|
||||||
|
|
||||||
custom-generate-certs = pkgs.writeShellApplication {
|
|
||||||
name = "custom-generate-certs";
|
|
||||||
|
|
||||||
runtimeInputs = [
|
|
||||||
pkgs.mkcert
|
|
||||||
];
|
|
||||||
|
|
||||||
text = ''
|
|
||||||
mkdir -p ${certFolder}
|
|
||||||
pushd ${certFolder}
|
|
||||||
declare -a domains=(${domains})
|
|
||||||
for domain in "''${domains[@]}"
|
|
||||||
do
|
|
||||||
CAROOT="${certFolder}" mkcert "$domain"
|
|
||||||
done
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
in {
|
in {
|
||||||
options = {
|
options = {
|
||||||
custom.web-development = {
|
custom.web-development = {
|
||||||
|
@ -43,16 +24,24 @@ in {
|
||||||
|
|
||||||
config = {
|
config = {
|
||||||
|
|
||||||
# TODO: Run once before httpd service starts?
|
|
||||||
environment.systemPackages = [
|
|
||||||
custom-generate-certs
|
|
||||||
];
|
|
||||||
|
|
||||||
# NOTE: Disable until root certificate is generated, then add again
|
# NOTE: Disable until root certificate is generated, then add again
|
||||||
# Maybe check for file existense and throw proper error message?
|
# Maybe check for file existense and throw proper error message?
|
||||||
security.pki.certificates = [
|
security.pki.certificates = [
|
||||||
(builtins.readFile "${config.custom.web-development.certFolder}rootCA.pem")
|
(builtins.readFile "${config.custom.web-development.certFolder}rootCA.pem")
|
||||||
];
|
];
|
||||||
|
|
||||||
|
system.activationScripts.createWebDevelopmentCerts = {
|
||||||
|
text = ''
|
||||||
|
mkdir -p ${config.custom.web-development.certFolder}
|
||||||
|
pushd ${config.custom.web-development.certFolder}
|
||||||
|
declare -a domains=(${domains})
|
||||||
|
for domain in "''${domains[@]}"
|
||||||
|
do
|
||||||
|
CAROOT="${config.custom.web-development.certFolder}" ${pkgs.mkcert}/bin/mkcert "$domain" 2> /dev/null
|
||||||
|
done
|
||||||
|
chown ${config.services.httpd.user}:${config.services.httpd.group} ${config.custom.web-development.certFolder}/*
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
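Review bot: The `chown ${config.services.httpd.user}:${config.services.httpd.group} ${config.custom.web-development.certFolder}/*` line at the end of the new activation script hands every file in the folder to the httpd account, and with `CAROOT` pointing at that same folder this presumably includes mkcert's `rootCA-key.pem`. Since `rootCA.pem` from that folder is added to `security.pki.certificates`, any process running as the web server user could then read the CA key and issue certificates this machine trusts for arbitrary hostnames. I would keep the CA key root-owned and move the chown into the loop so it covers only the leaf files, e.g. `chown ${config.services.httpd.user}:${config.services.httpd.group} "$domain.pem" "$domain-key.pem"` (file names as mkcert writes them for a single plain hostname; confirm for wildcard hosts). Separately, `2> /dev/null` on the mkcert call hides the reason when generation fails during activation; dropping the redirect would make a missing certificate diagnosable.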