From 085c0e27e2d9e4b7ebc60de7a0f61fe0807041a8 Mon Sep 17 00:00:00 2001
From: Nikos Papadakis <nikos@papadakis.xyz>
Date: Sun, 14 Jul 2024 15:18:45 +0300
Subject: [PATCH] caddy_permissions script for local https certs

---
 .envrc    |  4 ++--
 flake.nix | 10 +++++++++-
 2 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/.envrc b/.envrc
index ac18306..c420855 100644
--- a/.envrc
+++ b/.envrc
@@ -2,8 +2,8 @@ if ! has nix_direnv_version || ! nix_direnv_version 2.2.1; then
   source_url "https://raw.githubusercontent.com/nix-community/nix-direnv/2.2.1/direnvrc" "sha256-zelF0vLbEl5uaqrfIzbgNzJWGmLzCmYAkInj/LNxvKs="
 fi
 
-nix_direnv_watch_file flake.nix
-nix_direnv_watch_file flake.lock
+watch_file flake.nix
+watch_file flake.lock
 if ! use flake . --impure
 then
   echo "devenv could not be built. The devenv environment was not loaded. Make the necessary changes to devenv.nix and hit enter to try again." >&2
diff --git a/flake.nix b/flake.nix
index 513ccd6..657bfea 100644
--- a/flake.nix
+++ b/flake.nix
@@ -61,15 +61,23 @@
 
                   services.caddy = {
                     enable = true;
-                    virtualHosts.":8000" = {
+                    package = pkgs.caddy;
+                    virtualHosts."localhost:8000" = {
                       extraConfig = ''
                         root * ${config.env.DEVENV_ROOT}/core
                         php_fastcgi unix/${config.languages.php.fpm.pools.wp.socket}
                         file_server
+                        tls internal {
+                          on_demand
+                        }
                       '';
                     };
                   };
 
+                  scripts.caddy_permissions.exec = ''
+                    sudo setcap cap_net_bind_service=+ep ${pkgs.caddy}/bin/caddy
+                  '';
+
                   # scripts.install_wp.exec = ''
                   #   set -e
                   #   if ! [ -d ./data ]; then