566732a02cdc9a8a1b097858391a36fb91e31651
Add a general environment.snakeoil-certs module that generates self-signed certs at runtime (oneshot service + daily timer, idempotent via x509 -checkend). Terminate TLS for vaultwarden with nginx on port 8001 -> 127.0.0.1:8000 using a snakeoil cert, so it's reachable over the tailnet IP without the broken public reverse proxy.
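The idempotent generation step the commit message describes (regenerate only when `x509 -checkend` reports the certificate missing, unreadable or close to expiry), as an added shell example. It is not the repository's module; the function name, file names, SAN value and lifetimes are assumptions.

```shell
#!/bin/sh
# Added example, not the repository's module. Function name, file names,
# CN/SAN and lifetimes are assumptions supplied by the caller.

# ensure_snakeoil_cert DIR CN SAN [DAYS] [RENEW_WINDOW_SECONDS]
# Prints "kept" if the existing cert stays valid past the renewal window,
# "generated" if a new key/cert pair was written.
ensure_snakeoil_cert() {
    dir=$1 cn=$2 san=$3 days=${4:-30} window=${5:-604800}
    cert="$dir/cert.pem" key="$dir/key.pem"

    # -checkend exits 0 only if the cert parses and does NOT expire within
    # $window seconds. A missing or corrupt file also exits non-zero, so
    # every failure mode falls through to regeneration.
    if [ -s "$key" ] &&
       openssl x509 -in "$cert" -noout -checkend "$window" >/dev/null 2>&1; then
        echo kept
        return 0
    fi

    mkdir -p "$dir" || return 1
    # Write to temporary names first so a reader such as nginx never opens
    # a half-written file.
    (
        umask 077   # the private key must not be group/world readable
        openssl req -x509 -newkey rsa:2048 -nodes -sha256 \
            -days "$days" -subj "/CN=$cn" \
            -addext "subjectAltName=$san" \
            -keyout "$key.tmp" -out "$cert.tmp" >/dev/null 2>&1
    ) || { rm -f "$key.tmp" "$cert.tmp"; return 1; }
    mv "$key.tmp" "$key" && mv "$cert.tmp" "$cert" || return 1
    chmod 644 "$cert"   # the certificate itself is public
    echo generated
}
```

A daily timer can call this unconditionally; nginx only needs a reload when the function prints `generated`. `-addext` requires OpenSSL 1.1.1 or later.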
On first install, enable lanzaboote: 'sudo sbctl create-keys'
Rebuild: 'sudo nixos-rebuild switch --flake .# --no-write-lock-file -L --builders ""'
