gebner/nixos-config
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

mastus: fixes for 20.03

Browse Source
This commit is contained in:
Gabriel Ebner 2020-06-13 13:08:34 +02:00
parent c7d6e1c16a
commit fd7b351486
4 changed files with 9 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
mastus/letsencrypt.nix
View File

@ -26,4 +26,6 @@
}; };
}; };
security.acme.acceptTerms = true;
} }

2
mastus/mail.nix
View File

@ -68,8 +68,6 @@
sslServerCert = "/var/lib/acme/gebner.org/fullchain.pem"; sslServerCert = "/var/lib/acme/gebner.org/fullchain.pem";
sslServerKey = "/var/lib/acme/gebner.org-dovecot/key.pem"; sslServerKey = "/var/lib/acme/gebner.org-dovecot/key.pem";
extraConfig = '' extraConfig = ''
ssl_protocols = !SSLv2 !SSLv3
service auth { service auth {
unix_listener /var/lib/postfix/queue/private/auth { unix_listener /var/lib/postfix/queue/private/auth {
mode = 0660 mode = 0660

2
mastus/vmtest.nix
View File

@ -28,6 +28,8 @@ let
(haskell.lib.justStaticExecutables (haskellPackages.callPackage ../pkgs/wstunnel.nix {})) (haskell.lib.justStaticExecutables (haskellPackages.callPackage ../pkgs/wstunnel.nix {}))
]; ];
systemd.services."acme-gebner.org".serviceConfig.ExecStart = pkgs.lib.mkForce "true";
networking.extraHosts = '' networking.extraHosts = ''
127.0.0.1 gebner.org www.gebner.org reader.gebner.org git.gebner.org mail.gebner.org radicale.gebner.org gabrielebner.at 127.0.0.1 gebner.org www.gebner.org reader.gebner.org git.gebner.org mail.gebner.org radicale.gebner.org gabrielebner.at

5
mastus/www.nix
View File

@ -29,4 +29,9 @@
globalRedirect = "gebner.org"; globalRedirect = "gebner.org";
}; };
}; };
# TODO: acme certificates are owned by root
# This workaround is from https://github.com/NixOS/nixpkgs/pull/84960
services.nginx.appendConfig = let cfg = config.services.nginx; in ''user ${cfg.user} ${cfg.group};'';
systemd.services.nginx.serviceConfig.User = pkgs.lib.mkForce "root";
} }