server enhancements

kp2pml30 2025-01-27 01:16:41 +04:00
parent 95f65d9c03
commit a5dfa8c3f8
7 changed files with 69 additions and 15 deletions


@ -5,13 +5,16 @@
}:
let
cfg = config.kp2pml30.server;
acmeRoot = "/var/lib/acme/acme-challenge";
in lib.mkIf cfg.nginx {
security.acme = {
acceptTerms = true;
maxConcurrentRenewals = 1;
defaults.email = "kp2pml30@gmail.com";
#defaults.server = "https://acme-staging-v02.api.letsencrypt.org/directory";
certs."${cfg.hostname}" = {
serverAliases = [ "*.${cfg.hostname}" ];
webroot = "/var/lib/acme/.challenges";
extraDomainNames = [ "pr.${cfg.hostname}" "www.${cfg.hostname}" ];
webroot = acmeRoot;
group = "nginx";
};
};
@ -21,15 +24,17 @@ in lib.mkIf cfg.nginx {
virtualHosts."${cfg.hostname}" = {
addSSL = true;
# forceSSL = true;
enableACME = true;
acmeRoot = acmeRoot;
listen = [
{ port = 80; }
{ addr = "0.0.0.0"; port = 80; }
{ addr = "0.0.0.0"; port = 444; ssl = true; }
];
locations."/.well-known/acme-challenge/" = {
root = "/var/lib/acme/.challenges";
};
locations."/" = {
return = 404;
root = cfg.sitePath;
};
};
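Review bot: The explicit `locations."/.well-known/acme-challenge/"` block still uses `root = "/var/lib/acme/.challenges";`, while the certificate's `webroot` and the vhost's `acmeRoot` now both come from the new `acmeRoot` binding (`/var/lib/acme/acme-challenge`). This rendering does not mark which side each line is on, so this applies only if that block survives in the new file: HTTP-01 challenge requests would then be answered from a directory the ACME client no longer writes to, and issuance or renewal for `pr.` and `www.` would presumably fail. Either drop the block or point it at the same binding with `root = acmeRoot;`. Separately, `locations."/"` now has `root = cfg.sitePath;` while `# forceSSL = true;` stays commented out and port 80 is in `listen`, so the site appears to be served over cleartext HTTP as well; a short comment saying whether that is intended (and why TLS is on 444) would help the next reader. The rest of the file lies outside the visible hunks.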