nginx/acme: fix certs

Gerg-L 2024-12-12 22:24:52 -05:00
parent cbd76b3e44
commit 296a6f9af1
Signed by: gerg-l
SSH key fingerprint: SHA256:FPYDHIkvMocr4wdmZXpgpJjsb2Tw6rASs2ISPbOb0KI


@ -10,16 +10,9 @@
}; };
config = { config = {
local.nginx.defaultVhosts = local.nginx.defaultVhosts = builtins.mapAttrs (_: v: {
{
"_" = {
default = true;
locations."/".return = "404";
};
}
// (builtins.mapAttrs (_: v: {
locations."/".proxyPass = v; locations."/".proxyPass = v;
}) config.local.nginx.proxyVhosts); }) config.local.nginx.proxyVhosts;
sops.secrets = { sops.secrets = {
gerg_ssl_key.owner = config.services.nginx.user; gerg_ssl_key.owner = config.services.nginx.user;
@ -31,6 +24,7 @@
certs."gerg-l.com" = { certs."gerg-l.com" = {
email = "GregLeyda@proton.me"; email = "GregLeyda@proton.me";
webroot = "/var/lib/acme/acme-challenge"; webroot = "/var/lib/acme/acme-challenge";
extraDomainNames = builtins.attrNames config.local.nginx.defaultVhosts;
}; };
}; };
@ -47,14 +41,25 @@
recommendedTlsSettings = true; recommendedTlsSettings = true;
# For immich # For immich
clientMaxBodySize = "50000M"; clientMaxBodySize = "50000M";
virtualHosts = builtins.mapAttrs ( virtualHosts =
builtins.mapAttrs
(
_: v: _: v:
{ {
forceSSL = true; forceSSL = true;
useACMEHost = "gerg-l.com"; useACMEHost = "gerg-l.com";
} }
// v // v
) config.local.nginx.defaultVhosts; )
(
config.local.nginx.defaultVhosts
// {
"_" = {
default = true;
locations."/".return = "404";
};
}
);
}; };
networking.firewall.allowedTCPPorts = [ networking.firewall.allowedTCPPorts = [
80 80
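Review bot: The catch-all `"_"` vhost is now merged into the set passed to `builtins.mapAttrs`, so it still receives `forceSSL = true` and `useACMEHost = "gerg-l.com"`. Any client that connects by bare IP or with an unknown SNI is therefore handed the gerg-l.com certificate, and with the new `extraDomainNames` line that certificate lists every key of `proxyVhosts` as a SAN. Because `// v` lets a vhost override the defaults, the catch-all could refuse the handshake instead: `"_" = { default = true; forceSSL = false; rejectSSL = true; locations."/".return = "404"; };`. This is worth checking against the nginx module's assertions, since `rejectSSL` is, as far as I recall, mutually exclusive with `forceSSL`. Independently of that, a single multi-SAN certificate publishes all proxied hostnames in Certificate Transparency logs, so a comment next to `extraDomainNames` noting that every `proxyVhosts` key becomes public and must pass the HTTP-01 webroot challenge would help the next maintainer. The surrounding `config` block and the `allowedTCPPorts` list continue outside the visible hunks.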