slowly getting to acme setup

2025-02-07 22:33:31 +01:00 · 2025-02-07 22:33:31 +01:00 · 12186e8005
commit 12186e8005
parent 9634b57b86
2 changed files with 28 additions and 11 deletions
--- a/modules/nginx/default.nix
+++ b/modules/nginx/default.nix
@ -2,18 +2,38 @@
  inherit (config) conf;
  inherit (lib) mkIf;
 in mkIf conf.nginx.enable {
+  security.acme = {
+    acceptTerms = true;
+    defaults.email = "mira.cp.0909@gmail.com";
+    certs = {
+      "twoneis.site" = {
+        group = "nginx";
+        extraDomainNames = [ "*.twoneis.site" ];
+        dnsProvider = "porkbun";
+        email = "mira.cp.0909@gmail.com";
+        environmentFile = "/root/porkbun-creds";
+      };
+    };
+  };
+
+  users.users.nginx.extraGroups = [ "acme" ];
+
  services.nginx = {
    enable = true;
    virtualHosts = {
-      ".twoneis.site" = {
+      default = {
        serverName = ".twoneis.site";
-        forceSSL = false;
-        locations = {
-          "/" = {
-            return = "404";
-          };
+        default = true;
+        rejectSSL = true;
+        locations."/" = {
+          return = "404";
        };
      };
    };
  };
+
+  networking.firewall.allowedTCPPorts = [
+    80
+    443
+  ];
 }