Adds SSL

README.md

@@ -0,0 +1,21 @@
+## Using selfsigned SSL Keys for a PWA on Android
+
+Generate selfsigned ssl keys with:
+```
+HOSTNAME=melodypond
+openssl genrsa -out ssl/snakeoil.key
+openssl x509 -new -key ss/snakeoil.key -out ssl/snakeoil.crt -subj "/CN=$HOSTNAME" -extfile ssl/options.txt
+# Then manually copy the key and certificate to /etc/ssl on the server.
+#   and onto the Android device used as the controller.
+```
+
+These keys can then be added to the Android device used as the controller by going to
+`Settings >> Security >> Credentials >> Install >> CA` then selecting the certificate
+and rebooting the device.
+
+If you are using a Firefox-based browser on the phone, you will also need to enable third party certificates
+in the Firefox app's developer settings.
+This can be accessed by tapping the logo on the about screen many times, then going to
+`Settings >> Secret Settings >> Use Third Party CAs`
+
+Firefox should now show the site as secure and allow installing the PWA.

melodies.nix

@@ -1,7 +1,11 @@
 {pkgs, config, ...}:
 {
   services.nginx.enable = true;
+
   services.nginx.virtualHosts."${config.networking.hostName}" = {
+    addSSL = true;
+    sslCertificate = "/etc/ssl/snakeoil.crt";
+    sslCertificateKey = "/etc/ssl/snakeoil.key";
     root = pkgs.mmelodies.frontend;
     locations."/hls/" = {
       alias = "/var/cache/hls/";

ssl/options.txt

@@ -0,0 +1 @@
+basicConstraints = CA:true