chore: setup hosting environment

asset/nginx/blekin.kosherinata.internal.conf

@@ -1,6 +1,12 @@
 server {
-    listen 80;
     server_name blekin.kosherinata.internal;
+    listen 443 ssl;
+    http2 on;
+
+    ssl_certificate /etc/nginx/tls/cert/blekin.kosherinata.internal.pem;
+    ssl_certificate_key /etc/nginx/tls/key/blekin.kosherinata.internal.pem;
+    #ssl_trusted_certificate /etc/pki/ca-trust/source/anchors/root-internal.pem;
+    ssl_protocols TLSv1.3;
 
     root /var/www/blekin.kosherinata.internal;
     index index.html;

asset/systemd/step-kosherinata@.service

@@ -0,0 +1,15 @@
+[Unit]
+Description=step cert renew for %i.kosherinata.internal
+Documentation=https://smallstep.com/docs/step-ca/renewal
+
+[Service]
+Type=oneshot
+ExecCondition=/usr/bin/step certificate needs-renewal \
+    /etc/nginx/tls/cert/%i.kosherinata.internal.pem
+ExecStart=/usr/bin/step ca renew \
+    --force \
+    --ca-url https://ca.internal \
+    --root /etc/pki/ca-trust/source/anchors/root-internal.pem \
+    /etc/nginx/tls/cert/%i.kosherinata.internal.pem \
+    /etc/nginx/tls/key/%i.kosherinata.internal.pem
+ExecStartPost=/usr/bin/systemctl reload nginx.service