Add nginx reverse proxy for dev environment.

This adds step-ca, but misses the step of having the CA initialize
itself and create the certificate and add the cert to
/etc/nixos/certs/sovr.[crt|key].

nalai/etc/nixos/configuration.nix

@@ -26,6 +26,12 @@
   # Configure console keymap
   console.keyMap = "us";
 
+  environment.etc."nginx/certs/sovr.crt" = {
+    source = ./certs/sovr.crt;
+  };
+  environment.etc."nginx/certs/sovr.key" = {
+    source = ./certs/sovr.key;
+  };
   # Bluetooth
   hardware.bluetooth.enable = true; # enables support for Bluetooth
   hardware.bluetooth.powerOnBoot = true; # powers up the default Bluetooth controller on boot
@@ -73,6 +79,7 @@
   };
   networking.extraHosts = ''
   192.168.1.5 pihole.home.arpa
+  127.0.0.1 sovr.home.arpa
   '';
   networking.hostName = "nalai"; # Define your hostname.
   # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
@@ -106,6 +113,17 @@
   services.displayManager.sddm.enable = true;
   services.desktopManager.plasma6.enable = true;
 
+  services.nginx.enable = true;
+  services.nginx.virtualHosts."sovr.home.arpa" = {
+    addSSL = true;
+    enableACME = false;
+    sslCertificate = "/etc/nginx/certs/sovr.crt";
+    sslCertificateKey = "/etc/nginx/certs/sovr.key";
+    locations."/" = {
+      proxyPass = "http://127.0.0.1:8080";
+    };
+  };
+
   # Enable CUPS to print documents.
   services.printing.enable = true;
   services.printing.drivers = [
@@ -203,6 +221,7 @@
     ndisc6
     nfs-utils
     neovim
+    nginx
     om4
     poetry
     python3
@@ -211,6 +230,8 @@
     signal-desktop
     splix
     spotify
+    step-ca
+    step-cli
     thunderbird
     tig
     tmux