author | Soispha <soispha@vhack.eu> | 2023-06-25 20:36:37 +0200 |
---|---|---|
committer | Soispha <soispha@vhack.eu> | 2023-06-25 20:52:33 +0200 |
commit | 1f6ff65c9a51651a3bf428bf0d304976bc1c3d79 (patch) | |
tree | 996b36f163fbadac2ef6c8131c416a37fdc1870a | |
parent | Fix(system/services/git-sync): Use correct systemd options (diff) | |
download | nixos-server-1f6ff65c9a51651a3bf428bf0d304976bc1c3d79.tar.gz nixos-server-1f6ff65c9a51651a3bf428bf0d304976bc1c3d79.zip |
Fix(system/services/acme): Leave certs generation to nixos
-rw-r--r-- | system/services/acme/default.nix | 38 | ||||
-rw-r--r-- | system/services/acme/domains.nix | bin | 130 -> 0 bytes | |||
-rw-r--r-- | system/services/default.nix | 1 | ||||
-rw-r--r-- | system/services/nginx/default.nix | 6 | ||||
-rw-r--r-- | system/services/nginx/hosts.nix | bin | 676 -> 989 bytes |
5 files changed, 6 insertions, 39 deletions
diff --git a/system/services/acme/default.nix b/system/services/acme/default.nix
deleted file mode 100644
index 0a0c4ce..0000000
--- a/system/services/acme/default.nix
+++ /dev/null
@@ -1,38 +0,0 @@
-{lib, ...}: let
- domains = import ./domains.nix {};
-
- virtualHosts = builtins.listToAttrs (
- builtins.map (domain_name: {
- name = "acmechallenge.${domain_name}";
- value = {
- serverAliases = ["*.${domain_name}"];
- locations."/.well-known/acme-challenge" = {
- root = "/var/lib/acme/.challenges";
- };
- locations."/" = {
- return = "301 https://$host$request_uri";
- };
- };
- })
- domains
- );
- certs = lib.attrsets.genAttrs domains (
- domain_name: {
- webroot = "/var/lib/acme/.challenges";
- group = "nginx";
- }
- );
-in {
- users.users.nginx.extraGroups = ["acme"];
-
- services.nginx = {
- enable = true;
- inherit virtualHosts;
- };
-
- security.acme = {
- acceptTerms = true;
- defaults.email = "admin@vhack.eu";
- inherit certs;
- };
-}
diff --git a/system/services/acme/domains.nix b/system/services/acme/domains.nix
deleted file mode 100644
index 8f0930d..0000000
--- a/system/services/acme/domains.nix
+++ /dev/null
Binary files differ
diff --git a/system/services/default.nix b/system/services/default.nix
index d1f2c85..2e2b751 100644
--- a/system/services/default.nix
+++ b/system/services/default.nix
@@ -1,6 +1,5 @@
 {...}: {
 imports = [
- ./acme
 ./keycloak
 ./minecraft
 ./nginx
diff --git a/system/services/nginx/default.nix b/system/services/nginx/default.nix
index 6753fb0..3eb98d3 100644
--- a/system/services/nginx/default.nix
+++ b/system/services/nginx/default.nix
@@ -2,6 +2,10 @@
 imports = [
 ./hosts.nix
 ];
+ security.acme.acceptTerms = true;
+ security.acme.defaults.email = "admin@vhack.eu";
+ security.acme.defaults.webroot = "/srv/acme/";
+
 networking.firewall = {
 allowedTCPPorts = [80 443];
 };
@@ -9,3 +13,5 @@
 enable = true;
 };
 }
+# vim: ts=2
+
diff --git a/system/services/nginx/hosts.nix b/system/services/nginx/hosts.nix
index 0dddb16..a1acd12 100644
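Review bot: `security.acme.defaults.webroot = "/srv/acme/";` in the first nginx/default.nix hunk moves the HTTP-01 challenge directory, but nothing visible in this commit serves `/.well-known/acme-challenge` from that path or gives nginx read access to the issued keys. The deleted acme module did both explicitly, through the challenge `root`, `group = "nginx"` and `users.users.nginx.extraGroups = ["acme"]`. Presumably hosts.nix now sets `enableACME` per virtual host so that the NixOS nginx module takes over, but that file is binary here and cannot be checked. If so, each vhost's `acmeRoot` has to resolve to the same directory as this webroot, otherwise validation fails and renewals silently stop until a certificate expires. Either drop the `defaults.webroot` line so the per-vhost value applies, or add a comment such as `# must match services.nginx.virtualHosts.<name>.acmeRoot (set in hosts.nix)`; the attribute set being edited opens above the hunk.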
--- a/system/services/nginx/hosts.nix
+++ b/system/services/nginx/hosts.nix
Binary files differ |