home.scm: Add caddy development ca-certificate

* .guix/rekahsoft/guix-config/home.scm (caddy-local-ca-cert): New variable. Defines a package that contains the ca certificate used by caddy in local development on this machine. * .ca-certificates/caddy-local-dev.pem: New file, the pem encoded certificate used by caddy in local development (note: this is specific to my personal laptop)
2022-08-27 14:52:13 -04:00 · 2022-08-27 14:52:13 -04:00 · 7dbf427881
parent 888b9c2cd4
commit 7dbf427881
2 changed files with 59 additions and 0 deletions
--- a/.ca-certificates/caddy-local-dev.pem
+++ b/.ca-certificates/caddy-local-dev.pem
@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE-----
+MIIBozCCAUqgAwIBAgIRAPJ+Z8gSmjk1FTKqFds8n00wCgYIKoZIzj0EAwIwMDEu
+MCwGA1UEAxMlQ2FkZHkgTG9jYWwgQXV0aG9yaXR5IC0gMjAyMiBFQ0MgUm9vdDAe
+Fw0yMjA4MjYyMjIyMTFaFw0zMjA3MDQyMjIyMTFaMDAxLjAsBgNVBAMTJUNhZGR5
+IExvY2FsIEF1dGhvcml0eSAtIDIwMjIgRUNDIFJvb3QwWTATBgcqhkjOPQIBBggq
+hkjOPQMBBwNCAARO38bVJQoZOS1MTT03r9Rz/vWxI2oxk441D5ET9cwq6PWzzGYW
+15f1XePqiEWcV5xwp67EU32nBHdLqJlx2HZxo0UwQzAOBgNVHQ8BAf8EBAMCAQYw
+EgYDVR0TAQH/BAgwBgEB/wIBATAdBgNVHQ4EFgQUYuyf1bWTKJTIc6pyK/aAqThH
+wxgwCgYIKoZIzj0EAwIDRwAwRAIgbT15r1rwsGjNMbjohYuyHv5kMCjEDAzXlAQr
+VZF2C7sCIArqFtdtf4vDn4RAM+2W47hHwGjBPLN8joONKLU2m1dC
+-----END CERTIFICATE-----
--- a/.guix/rekahsoft/guix-config/home.scm
+++ b/.guix/rekahsoft/guix-config/home.scm
@ -5,6 +5,11 @@
  #:use-module (guix profiles)
  #:use-module (guix transformations)
  #:use-module (guix gexp)
+  #:use-module (gnu packages tls)
+  #:use-module (gnu packages perl)
+  #:use-module (guix packages)
+  #:use-module (guix build-system trivial)
+  #:use-module ((guix licenses) #:prefix license:)
  #:use-module (gnu home services shells)
  #:use-module (gnu home services desktop)
  #:use-module (nongnu packages mozilla)
@ -16,6 +21,46 @@
  #:use-module (rekahsoft-gnu packages terraform)
  #:export (%home %home-manifest))

+(define-public caddy-local-ca-cert
+  (package
+    (name "caddy-local-ca-cert")
+    (version "1")
+    (source #f)
+    (build-system trivial-build-system)
+    (arguments
+     '(#:modules ((guix build utils))
+       #:builder
+       (begin
+         (use-modules (guix build utils))
+         (let ((ca-cert (assoc-ref %build-inputs "caddy-dev-ca.pem"))
+               (out (string-append (assoc-ref %outputs "out") "/etc/ssl/certs"))
+               (openssl (assoc-ref %build-inputs "openssl"))
+               (perl (assoc-ref %build-inputs "perl")))
+           (mkdir-p out)
+           (for-each
+             (lambda (cert)
+               (copy-file cert (string-append out "/"
+                                              (strip-store-file-name cert))))
+             (list ca-cert))
+
+           ;; Create hash symlinks suitable for OpenSSL ('SSL_CERT_DIR' and
+           ;; similar.)
+           (chdir (string-append %output "/etc/ssl/certs"))
+           (invoke (string-append perl "/bin/perl")
+                   (string-append openssl "/bin/c_rehash")
+                   ".")))))
+    (native-inputs
+     (list openssl perl))                           ;for 'c_rehash'
+    (inputs
+     `(; The CA certificate used by caddy for local development
+       ("caddy-dev-ca.pem"
+        ,(local-file "../../../.ca-certificates/caddy-local-dev.pem"))))
+    (home-page "https://caddyserver.com")
+    (synopsis "Local CA used for caddy development server")
+    (description "This package provides a certificate store containing a
+single certifcate used for local development with caddy.")
+    (license license:public-domain)))
+
 (define transform--emacs-helm-mu
  (options->transformation
   '((with-commit . "emacs-helm-mu=b85019d01815a4b58d6016c3a30fefa60d8363f2"))))
@ -25,6 +70,9 @@
   (list
    (packages->manifest
     (list
+      ;; ca-certificate for local caddy development server
+      caddy-local-ca-cert
+
      ;; Temporary: emacs-helm-mu is broken but has been fixed upstream
      (transform--emacs-helm-mu
       (specification->package "emacs-helm-mu"))