From 12186e8005c05db378a67fa37a0b5e55db108b38 Mon Sep 17 00:00:00 2001
From: twoneis
Date: Fri, 7 Feb 2025 22:33:31 +0100
Subject: [PATCH] slowly getting to acme setup
---
 modules/nginx/default.nix | 32 ++++++++++++++++++++++++++------
 modules/website/default.nix | 7 ++-----
 2 files changed, 28 insertions(+), 11 deletions(-)
diff --git a/modules/nginx/default.nix b/modules/nginx/default.nix
index e304bda..fd0bb1c 100644
--- a/modules/nginx/default.nix
+++ b/modules/nginx/default.nix
@@ -2,18 +2,38 @@
 inherit (config) conf;
 inherit (lib) mkIf;
 in mkIf conf.nginx.enable {
+ security.acme = {
+ acceptTerms = true;
+ defaults.email = "mira.cp.0909@gmail.com";
+ certs = {
+ "twoneis.site" = {
+ group = "nginx";
+ extraDomainNames = [ "*.twoneis.site" ];
+ dnsProvider = "porkbun";
+ email = "mira.cp.0909@gmail.com";
+ environmentFile = "/root/porkbun-creds";
+ };
+ };
+ };
+
+ users.users.nginx.extraGroups = [ "acme" ];
+
 services.nginx = {
 enable = true;
 virtualHosts = {
- ".twoneis.site" = {
+ default = {
 serverName = ".twoneis.site";
- forceSSL = false;
- locations = {
- "/" = {
- return = "404";
- };
+ default = true;
+ rejectSSL = true;
+ locations."/" = {
+ return = "404";
 };
 };
 };
 };
+
+ networking.firewall.allowedTCPPorts = [
+ 80
+ 443
+ ];
 }
diff --git a/modules/website/default.nix b/modules/website/default.nix
index 4717379..e543112 100644
--- a/modules/website/default.nix
+++ b/modules/website/default.nix
@@ -5,7 +5,8 @@ in mkIf conf.website.enable {
 services.nginx.virtualHosts = {
 "twoneis.site" = {
 serverName = "twoneis.site";
- forceSSL = false;
+ useACMEHost = "twoneis.site";
+ forceSSL = true;
 locations = {
 "/" = {
 return = "200 \"faggot\"";
@@ -13,8 +14,4 @@ in mkIf conf.website.enable {
 };
 };
 };
-
- networking.firewall.allowedTCPPorts = [
- 80
- ];
 }
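Review bot: In the new `security.acme` block the certificate is already made readable by nginx through `group = "nginx";`, so the added `users.users.nginx.extraGroups = [ "acme" ];` looks redundant. It would also let the web server read any other certificate that keeps the default `acme` group; keep one of the two, preferably the per-certificate group. `environmentFile = "/root/porkbun-creds";` points at unmanaged state, since nothing visible in this hunk creates that file or sets its mode. I would add a comment above it such as `# root-owned, mode 0600; must define PORKBUN_API_KEY and PORKBUN_SECRET_API_KEY`, or source it from whatever secrets mechanism the repository uses. The `email` inside the cert repeats `defaults.email` and can be dropped.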
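Review bot: `useACMEHost = "twoneis.site";` in modules/website/default.nix refers to a certificate that this patch declares only in modules/nginx/default.nix under `mkIf conf.nginx.enable`, so enabling `conf.website` without `conf.nginx` would presumably fail evaluation or leave the vhost without a certificate. The last hunk of the same file removes the port 80 firewall rule in favour of the one in the nginx module, which creates the same dependency. If nothing outside this diff already ties the two options together, state it in this module, e.g. `assertions = [ { assertion = conf.nginx.enable; message = "website requires conf.nginx.enable"; } ];`. The virtual host body continues outside the hunk.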