SelfPrivacy
/
selfprivacy-nixos-config
6
3
Fork 6
Code Issues 19 Pull Requests 1 Projects Releases Wiki Activity

fix: acme retrieval

pull/7/head
Inex Code 2023-07-21 20:59:34 +03:00
parent e0ad80b4ca
commit 29b855818d
2 changed files with 21 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
letsencrypt/acme.nix
View File

@ -15,12 +15,17 @@ in
reloadServices = [ "nginx" ]; reloadServices = [ "nginx" ];
}; };
certs = lib.mkForce { certs = lib.mkForce {
"${cfg.domain}" = { "wildcard-${cfg.domain}" = {
domain = "*.${cfg.domain}"; domain = "*.${cfg.domain}";
group = "acmerecievers"; group = "acmerecievers";
dnsProvider = lib.strings.toLower cfg.dns.provider; dnsProvider = lib.strings.toLower cfg.dns.provider;
credentialsFile = "/var/lib/cloudflare/Credentials.ini"; credentialsFile = "/var/lib/cloudflare/Credentials.ini";
}; };
"${cfg.domain}" = {
domain = cfg.domain;
group = "acmerecievers";
webroot = "/var/lib/acme/acme-challenge";
};
}; };
}; };
} }

30
webserver/nginx.nix
View File

@ -34,8 +34,8 @@ in
''; '';
}; };
"vpn.${domain}" = { "vpn.${domain}" = {
sslCertificate = "/var/lib/acme/${domain}/fullchain.pem"; sslCertificate = "/var/lib/acme/wildcard-${domain}/fullchain.pem";
sslCertificateKey = "/var/lib/acme/${domain}/key.pem"; sslCertificateKey = "/var/lib/acme/wildcard-${domain}/key.pem";
forceSSL = true; forceSSL = true;
extraConfig = '' extraConfig = ''
add_header Strict-Transport-Security $hsts_header; add_header Strict-Transport-Security $hsts_header;
@ -49,8 +49,8 @@ in
''; '';
}; };
"git.${domain}" = { "git.${domain}" = {
sslCertificate = "/var/lib/acme/${domain}/fullchain.pem"; sslCertificate = "/var/lib/acme/wildcard-${domain}/fullchain.pem";
sslCertificateKey = "/var/lib/acme/${domain}/key.pem"; sslCertificateKey = "/var/lib/acme/wildcard-${domain}/key.pem";
forceSSL = true; forceSSL = true;
extraConfig = '' extraConfig = ''
add_header Strict-Transport-Security $hsts_header; add_header Strict-Transport-Security $hsts_header;
@ -69,8 +69,8 @@ in
}; };
}; };
"cloud.${domain}" = { "cloud.${domain}" = {
sslCertificate = "/var/lib/acme/${domain}/fullchain.pem"; sslCertificate = "/var/lib/acme/wildcard-${domain}/fullchain.pem";
sslCertificateKey = "/var/lib/acme/${domain}/key.pem"; sslCertificateKey = "/var/lib/acme/wildcard-${domain}/key.pem";
forceSSL = true; forceSSL = true;
extraConfig = '' extraConfig = ''
add_header Strict-Transport-Security $hsts_header; add_header Strict-Transport-Security $hsts_header;
@ -89,8 +89,8 @@ in
}; };
}; };
"password.${domain}" = { "password.${domain}" = {
sslCertificate = "/var/lib/acme/${domain}/fullchain.pem"; sslCertificate = "/var/lib/acme/wildcard-${domain}/fullchain.pem";
sslCertificateKey = "/var/lib/acme/${domain}/key.pem"; sslCertificateKey = "/var/lib/acme/wildcard-${domain}/key.pem";
forceSSL = true; forceSSL = true;
extraConfig = '' extraConfig = ''
add_header Strict-Transport-Security $hsts_header; add_header Strict-Transport-Security $hsts_header;
@ -109,8 +109,8 @@ in
}; };
}; };
"api.${domain}" = { "api.${domain}" = {
sslCertificate = "/var/lib/acme/${domain}/fullchain.pem"; sslCertificate = "/var/lib/acme/wildcard-${domain}/fullchain.pem";
sslCertificateKey = "/var/lib/acme/${domain}/key.pem"; sslCertificateKey = "/var/lib/acme/wildcard-${domain}/key.pem";
forceSSL = true; forceSSL = true;
extraConfig = '' extraConfig = ''
add_header Strict-Transport-Security $hsts_header; add_header Strict-Transport-Security $hsts_header;
@ -130,8 +130,8 @@ in
}; };
}; };
"social.${domain}" = { "social.${domain}" = {
sslCertificate = "/var/lib/acme/${domain}/fullchain.pem"; sslCertificate = "/var/lib/acme/wildcard-${domain}/fullchain.pem";
sslCertificateKey = "/var/lib/acme/${domain}/key.pem"; sslCertificateKey = "/var/lib/acme/wildcard-${domain}/key.pem";
root = "/var/www/social.${domain}"; root = "/var/www/social.${domain}";
forceSSL = true; forceSSL = true;
extraConfig = '' extraConfig = ''
@ -151,10 +151,10 @@ in
}; };
}; };
"meet.${domain}" = { "meet.${domain}" = {
sslCertificate = "/var/lib/acme/${domain}/fullchain.pem"; sslCertificate = "/var/lib/acme/wildcard-${domain}/fullchain.pem";
sslCertificateKey = "/var/lib/acme/${domain}/key.pem"; sslCertificateKey = "/var/lib/acme/wildcard-${domain}/key.pem";
forceSSL = true; forceSSL = true;
useACMEHost = domain; useACMEHost = "wildcard-${domain}";
enableACME = false; enableACME = false;
}; };
}; };