diff options
| author | lassulus <lassulus@lassul.us> | 2023-01-09 20:37:40 +0100 |
|---|---|---|
| committer | lassulus <lassulus@lassul.us> | 2023-01-09 20:37:40 +0100 |
| commit | 2818476f710410f1c752ce12becce10be0a8a293 (patch) | |
| tree | 7170248572e340bc49cdfc60f71c65f4a9711e39 | |
| parent | 5443f408973543d4228215edbd60c4c1082c1315 (diff) | |
l yellow.r: add acme ssl to yellow.r, radar.r and sonar.r
| -rw-r--r-- | lass/1systems/yellow/config.nix | 17 |
1 files changed, 16 insertions, 1 deletions
diff --git a/lass/1systems/yellow/config.nix b/lass/1systems/yellow/config.nix index 72e2e0e8..06561e9c 100644 --- a/lass/1systems/yellow/config.nix +++ b/lass/1systems/yellow/config.nix @@ -34,6 +34,12 @@ in { }; }; + security.acme.defaults.email = "spam@krebsco.de"; + security.acme.acceptTerms = true; + security.acme.certs."yellow.r".server = config.krebs.ssl.acmeURL; + security.acme.certs."jelly.r".server = config.krebs.ssl.acmeURL; + security.acme.certs."radar.r".server = config.krebs.ssl.acmeURL; + security.acme.certs."sonar.r".server = config.krebs.ssl.acmeURL; services.nginx = { enable = true; package = pkgs.nginx.override { @@ -41,8 +47,10 @@ in { fancyindex ]; }; - virtualHosts.default = { + virtualHosts."yellow.r" = { default = true; + enableACME = true; + addSSL = true; locations."/" = { root = "/var/download"; extraConfig = '' @@ -137,18 +145,24 @@ in { ''; }; virtualHosts."jelly.r" = { + enableACME = true; + addSSL = true; locations."/".extraConfig = '' proxy_pass http://localhost:8096/; proxy_set_header Accept-Encoding ""; ''; }; virtualHosts."radar.r" = { + enableACME = true; + addSSL = true; locations."/" = { proxyWebsockets = true; proxyPass = "http://localhost:7878"; }; }; virtualHosts."sonar.r" = { + enableACME = true; + addSSL = true; locations."/" = { proxyWebsockets = true; proxyPass = "http://localhost:8989"; @@ -227,6 +241,7 @@ in { enable = true; tables.filter.INPUT.rules = [ { predicate = "-p tcp --dport 80"; target = "ACCEPT"; } # nginx web dir + { predicate = "-p tcp --dport 443"; target = "ACCEPT"; } # nginx web dir { predicate = "-p tcp --dport 9091"; target = "ACCEPT"; } # transmission-web { predicate = "-p tcp --dport 51413"; target = "ACCEPT"; } # transmission-traffic { predicate = "-p udp --dport 51413"; target = "ACCEPT"; } # transmission-traffic |