mastus: acme breakage

Gabriel Ebner 2020-10-30 19:06:17 +01:00
parent 40783c7331
commit b311268a50
5 changed files with 13 additions and 18 deletions

@ -5,16 +5,16 @@
"gebner.org" = { "gebner.org" = {
webroot = "/var/lib/acme/acme-challenge"; webroot = "/var/lib/acme/acme-challenge";
email = "gebner@gebner.org"; email = "gebner@gebner.org";
extraDomains = { extraDomains = [
"git.gebner.org" = null; "git.gebner.org"
"mail.gebner.org" = null; "mail.gebner.org"
"gebner.org" = null; "gebner.org"
"www.gebner.org" = null; "www.gebner.org"
"gabrielebner.at" = null; "gabrielebner.at"
"www.gabrielebner.at" = null; "www.gabrielebner.at"
"2b7e.org" = null; "2b7e.org"
"www.2b7e.org" = null; "www.2b7e.org"
}; ];
postRun = '' postRun = ''
systemctl reload nginx systemctl reload nginx
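Review bot: On the new side the certificate's name list is still assigned to the old option name (`extraDomains = [`), while the two one-line changes further down use `extraDomainNames`; unless this is an artifact of how the page renders the diff, the new line should read `extraDomainNames = [`. As far as I know the list-typed option is `extraDomainNames`, so a list under the old name would presumably either fail evaluation or leave these eight names out of the certificate request. Keeping every definition on the one list-typed option also lets the `radicale.gebner.org` and `reader.gebner.org` entries merge with this list instead of conflicting with it. The `postRun` string that follows continues outside the hunk.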

@ -24,7 +24,7 @@ in
''; '';
}; };
security.acme.certs."gebner.org".extraDomains."radicale.gebner.org" = null; security.acme.certs."gebner.org".extraDomainNames = [ "radicale.gebner.org" ];
services.nginx = { services.nginx = {
recommendedProxySettings = true; recommendedProxySettings = true;

@ -65,7 +65,7 @@
networking.nat.internalInterfaces = ["ve-+"]; networking.nat.internalInterfaces = ["ve-+"];
networking.nat.externalInterface = "ens3"; networking.nat.externalInterface = "ens3";
security.acme.certs."gebner.org".extraDomains."reader.gebner.org" = null; security.acme.certs."gebner.org".extraDomainNames = [ "reader.gebner.org" ];
services.nginx = { services.nginx = {
virtualHosts."reader.gebner.org" = { virtualHosts."reader.gebner.org" = {

@ -5,11 +5,10 @@
services.nginx = { services.nginx = {
virtualHosts."gebner.org" = { virtualHosts."gebner.org" = {
enableACME = true; enableACME = true;
useACMEHost = "gebner.org";
forceSSL = true; forceSSL = true;
root = "/srv/www.gebner.org"; root = "/srv/www.gebner.org";
extraConfig = '' extraConfig = ''
access_log logs/website_access.log; access_log /var/log/nginx/website_access.log;
error_page 404 403 /404.html; error_page 404 403 /404.html;

@ -30,8 +30,4 @@
}; };
}; };
# TODO: acme certificates are owned by root
# This workaround is from https://github.com/NixOS/nixpkgs/pull/84960
services.nginx.appendConfig = let cfg = config.services.nginx; in ''user ${cfg.user} ${cfg.group};'';
systemd.services.nginx.serviceConfig.User = pkgs.lib.mkForce "root";
} }