slowly getting to acme setup

twoneis 2025-02-07 22:33:31 +01:00
parent 9634b57b86
commit 12186e8005
2 changed files with 28 additions and 11 deletions


@ -2,18 +2,38 @@
inherit (config) conf; inherit (config) conf;
inherit (lib) mkIf; inherit (lib) mkIf;
in mkIf conf.nginx.enable { in mkIf conf.nginx.enable {
security.acme = {
acceptTerms = true;
defaults.email = "mira.cp.0909@gmail.com";
certs = {
"twoneis.site" = {
group = "nginx";
extraDomainNames = [ "*.twoneis.site" ];
dnsProvider = "porkbun";
email = "mira.cp.0909@gmail.com";
environmentFile = "/root/porkbun-creds";
};
};
};
users.users.nginx.extraGroups = [ "acme" ];
services.nginx = { services.nginx = {
enable = true; enable = true;
virtualHosts = { virtualHosts = {
".twoneis.site" = { default = {
serverName = ".twoneis.site"; serverName = ".twoneis.site";
forceSSL = false; default = true;
locations = { rejectSSL = true;
"/" = { locations."/" = {
return = "404"; return = "404";
};
}; };
}; };
}; };
}; };
networking.firewall.allowedTCPPorts = [
80
443
];
} }
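Review bot: The nginx user is granted access to the certificate twice: the cert sets `group = "nginx";` and the module also adds `users.users.nginx.extraGroups = [ "acme" ];`. The cert-level group should be enough for nginx to read the `twoneis.site` key material, while the extra membership presumably also lets nginx read any other certificate left group-readable by `acme`, so I would drop the `extraGroups` line and keep only the per-cert group. Separately, `environmentFile = "/root/porkbun-creds";` is a string path and so stays out of the Nix store, but nothing visible here creates the file or states its permissions; a comment such as `# provisioned by hand, root-only; holds the Porkbun API credentials for the DNS-01 challenge` would record that. The per-cert `email` repeats `defaults.email` and can be removed. The module's header lies outside the hunk.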


@ -5,7 +5,8 @@ in mkIf conf.website.enable {
services.nginx.virtualHosts = { services.nginx.virtualHosts = {
"twoneis.site" = { "twoneis.site" = {
serverName = "twoneis.site"; serverName = "twoneis.site";
forceSSL = false; useACMEHost = "twoneis.site";
forceSSL = true;
locations = { locations = {
"/" = { "/" = {
return = "200 \"faggot\""; return = "200 \"faggot\"";
@ -13,8 +14,4 @@ in mkIf conf.website.enable {
}; };
}; };
}; };
networking.firewall.allowedTCPPorts = [
80
];
} }
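Review bot: `useACMEHost = "twoneis.site";` in the first hunk only resolves when the module guarded by `conf.nginx.enable` is also active, because that module declares the certificate, and the second hunk removes this module's own firewall opening for the same reason. With `conf.website.enable` set and `conf.nginx.enable` unset, the vhost would reference a certificate that is never defined and no port would be opened. I would make the dependency explicit, either with `in mkIf (conf.website.enable && conf.nginx.enable) {` or with an `assertions` entry that names the missing option. The `let` bindings and module header are outside the hunks, so this assumes `conf` is the same option set in both files.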