caddy_permissions script for local https certs

2024-07-14 15:18:45 +03:00 · 2024-07-14 15:18:45 +03:00 · 085c0e27e2
commit 085c0e27e2
parent 8e4b70157b
2 changed files with 11 additions and 3 deletions
--- a/.envrc
+++ b/.envrc
@ -2,8 +2,8 @@ if ! has nix_direnv_version || ! nix_direnv_version 2.2.1; then
  source_url "https://raw.githubusercontent.com/nix-community/nix-direnv/2.2.1/direnvrc" "sha256-zelF0vLbEl5uaqrfIzbgNzJWGmLzCmYAkInj/LNxvKs="
 fi

-nix_direnv_watch_file flake.nix
-nix_direnv_watch_file flake.lock
+watch_file flake.nix
+watch_file flake.lock
 if ! use flake . --impure
 then
  echo "devenv could not be built. The devenv environment was not loaded. Make the necessary changes to devenv.nix and hit enter to try again." >&2
--- a/flake.nix
+++ b/flake.nix
@ -61,15 +61,23 @@

                  services.caddy = {
                    enable = true;
-                    virtualHosts.":8000" = {
+                    package = pkgs.caddy;
+                    virtualHosts."localhost:8000" = {
                      extraConfig = ''
                        root * ${config.env.DEVENV_ROOT}/core
                        php_fastcgi unix/${config.languages.php.fpm.pools.wp.socket}
                        file_server
+                        tls internal {
+                          on_demand
+                        }
                      '';
                    };
                  };

+                  scripts.caddy_permissions.exec = ''
+                    sudo setcap cap_net_bind_service=+ep ${pkgs.caddy}/bin/caddy
+                  '';
+
                  # scripts.install_wp.exec = ''
                  #   set -e
                  #   if ! [ -d ./data ]; then