gebner/nixos-config
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

letsencrypt

Browse Source
This commit is contained in:
Gabriel Ebner 2015-12-05 13:41:20 +01:00
parent 46e516f178
commit a5bcc5c66b
4 changed files with 41 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
mastus/configuration.nix
View File

@ -10,6 +10,7 @@
./mail.nix ./mail.nix
./www.nix ./www.nix
./gogs.nix ./gogs.nix
./letsencrypt.nix
]; ];
boot.loader.grub.enable = true; boot.loader.grub.enable = true;

5
mastus/gogs.nix
View File

@ -78,6 +78,11 @@ in
listen 80; listen 80;
server_name git.gebner.org; server_name git.gebner.org;
location /.well-known/acme-challenge {
default_type text/plain;
alias /etc/sslcerts/acmeroot/.well-known/acme-challenge;
}
rewrite ^(.*) https://$host$1 permanent; rewrite ^(.*) https://$host$1 permanent;
} }

21
mastus/letsencrypt.nix Normal file
View File

@ -0,0 +1,21 @@
{ config, pkgs, ... }:
{
systemd.services.letsencrypt = {
path = [ pkgs.simp_le ];
restartIfChanged = false;
serviceConfig = {
Type = "oneshot";
};
script = ''
mkdir -p /etc/sslcerts/acmeroot
cd /etc/sslcerts
simp_le -d git.gebner.org -d mail.gebner.org --default_root $PWD/acmeroot -f fullchain.pem -f key.pem
'';
startAt = "04:00";
};
}

14
mastus/www.nix
View File

@ -15,5 +15,19 @@
services.nginx = { services.nginx = {
enable = true; enable = true;
httpConfig = ''
server {
listen [::]:80;
listen 80;
server_name _;
location /.well-known/acme-challenge {
default_type text/plain;
alias /etc/sslcerts/acmeroot/.well-known/acme-challenge;
}
rewrite ^(.*) https://gebner.org$1 permanent;
}
'';
}; };
} }