caddy_permissions script for local https certs

.envrc

@@ -2,8 +2,8 @@ if ! has nix_direnv_version || ! nix_direnv_version 2.2.1; then
   source_url "https://raw.githubusercontent.com/nix-community/nix-direnv/2.2.1/direnvrc" "sha256-zelF0vLbEl5uaqrfIzbgNzJWGmLzCmYAkInj/LNxvKs="
 fi
 
-nix_direnv_watch_file flake.nix
+watch_file flake.nix
-nix_direnv_watch_file flake.lock
+watch_file flake.lock
 if ! use flake . --impure
 then
   echo "devenv could not be built. The devenv environment was not loaded. Make the necessary changes to devenv.nix and hit enter to try again." >&2

flake.nix

@@ -61,15 +61,23 @@
 
                   services.caddy = {
                     enable = true;
-                    virtualHosts.":8000" = {
+                    package = pkgs.caddy;
+                    virtualHosts."localhost:8000" = {
                       extraConfig = ''
                         root * ${config.env.DEVENV_ROOT}/core
                         php_fastcgi unix/${config.languages.php.fpm.pools.wp.socket}
                         file_server
+                        tls internal {
+                          on_demand
+                        }
                       '';
                     };
                   };
 
+                  scripts.caddy_permissions.exec = ''
+                    sudo setcap cap_net_bind_service=+ep ${pkgs.caddy}/bin/caddy
+                  '';
+
                   # scripts.install_wp.exec = ''
                   #   set -e
                   #   if ! [ -d ./data ]; then