From a5bcc5c66bb404bfd20278f2fadca4483b686c7e Mon Sep 17 00:00:00 2001 From: Gabriel Ebner Date: Sat, 5 Dec 2015 13:41:20 +0100 Subject: [PATCH] letsencrypt --- mastus/configuration.nix | 1 + mastus/gogs.nix | 5 +++++ mastus/letsencrypt.nix | 21 +++++++++++++++++++++ mastus/www.nix | 14 ++++++++++++++ 4 files changed, 41 insertions(+) create mode 100644 mastus/letsencrypt.nix diff --git a/mastus/configuration.nix b/mastus/configuration.nix index cfb2ff2..b347fb5 100644 --- a/mastus/configuration.nix +++ b/mastus/configuration.nix @@ -10,6 +10,7 @@ ./mail.nix ./www.nix ./gogs.nix + ./letsencrypt.nix ]; boot.loader.grub.enable = true; diff --git a/mastus/gogs.nix b/mastus/gogs.nix index 57c64fb..ef4ca5e 100644 --- a/mastus/gogs.nix +++ b/mastus/gogs.nix @@ -78,6 +78,11 @@ in listen 80; server_name git.gebner.org; + location /.well-known/acme-challenge { + default_type text/plain; + alias /etc/sslcerts/acmeroot/.well-known/acme-challenge; + } + rewrite ^(.*) https://$host$1 permanent; } diff --git a/mastus/letsencrypt.nix b/mastus/letsencrypt.nix new file mode 100644 index 0000000..ee80a99 --- /dev/null +++ b/mastus/letsencrypt.nix @@ -0,0 +1,21 @@ +{ config, pkgs, ... }: + +{ + systemd.services.letsencrypt = { + path = [ pkgs.simp_le ]; + + restartIfChanged = false; + serviceConfig = { + Type = "oneshot"; + }; + + script = '' + mkdir -p /etc/sslcerts/acmeroot + cd /etc/sslcerts + + simp_le -d git.gebner.org -d mail.gebner.org --default_root $PWD/acmeroot -f fullchain.pem -f key.pem + ''; + + startAt = "04:00"; + }; +} diff --git a/mastus/www.nix b/mastus/www.nix index e3b447e..5493e47 100644 --- a/mastus/www.nix +++ b/mastus/www.nix @@ -15,5 +15,19 @@ services.nginx = { enable = true; + httpConfig = '' + server { + listen [::]:80; + listen 80; + server_name _; + + location /.well-known/acme-challenge { + default_type text/plain; + alias /etc/sslcerts/acmeroot/.well-known/acme-challenge; + } + + rewrite ^(.*) https://gebner.org$1 permanent; + } + ''; }; }
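Review bot: In mastus/gogs.nix the new `location /.well-known/acme-challenge` block shares its server with the server-level `rewrite ^(.*) https://$host$1 permanent;`, and nginx runs server-level rewrite directives before it selects a location, so every port-80 request, challenge URLs included, is answered with the 301 and the alias is never consulted. Validation then depends on the HTTPS vhost serving the same path, which this hunk does not show. Moving the redirect into its own block, `location / { return 301 https://$host$request_uri; }`, leaves the challenge location reachable. The server block added in mastus/www.nix has the same shape and needs the same change with `https://gebner.org$request_uri`. The gogs.nix server block starts outside this hunk.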
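Review bot: The `script` in mastus/letsencrypt.nix treats every non-zero exit from `simp_le` as a failure, but simp_le documents exit status 1 for "renewal not necessary", so the unit will probably show as failed on most nights and a real error (status 2) will not stand out. Adding `SuccessExitStatus = "0 1";` to `serviceConfig` separates the two cases. Nothing in the unit reloads nginx or whatever serves mail.gebner.org after a successful renewal, so a new `fullchain.pem` is not picked up until those services are restarted; a reload that runs only when simp_le exits 0 would close that gap. The unit also sets no `User`, so the ACME client runs as root and `key.pem` is written under the default umask in the same tree that holds the challenge webroot; checking the key's mode after the first run is worthwhile.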
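Review bot: `server_name _;` in the block added to mastus/www.nix does not by itself make this server the catch-all for port 80; nginx takes the default server from the `listen` directive, or else uses the first server block it parses for that address. The order in which the `httpConfig` fragments are concatenated is not visible here, so requests for mail.gebner.org may land in the git.gebner.org block instead of this one. Writing `listen 80 default_server;` and `listen [::]:80 default_server;` makes the intent explicit.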