wiki.r: add acme ssl config

author: lassulus <lassulus@lassul.us> 2021-12-09 14:30:25 +0100
committer: lassulus <lassulus@lassul.us> 2021-12-09 14:30:25 +0100
commit: fba330ab36ed3f0c5f5b01a1c434ed9e8281846a (patch)
tree: 3e8bb63e664713375b4f3e2dece81247f2db1c51 /krebs/2configs
parent: 08cdf8a6d50da48bf87f7bb7a40bbb4d94c9c7df (diff)
1 files changed, 5 insertions, 3 deletions
diff --git a/krebs/2configs/wiki.nix b/krebs/2configs/wiki.nix
index 9952ed39..e7faca1f 100644
--- a/krebs/2configs/wiki.nix
+++ b/krebs/2configs/wiki.nix
@@ -38,11 +38,13 @@ in
 
   systemd.services.gollum.environment.LC_ALL = "en_US.UTF-8";
 
-  networking.firewall.allowedTCPPorts = [ 80 ];
+  networking.firewall.allowedTCPPorts = [ 80 443 ];
+  security.acme.certs."wiki.r".server = config.krebs.ssl.acmeURL;
   services.nginx = {
     enable = true;
-    virtualHosts.wiki = {
-      serverAliases = [ "wiki.r" "wiki.${config.networking.hostName}.r" ];
+    virtualHosts."wiki.r" = {
+      enableACME = true;
+      addSSL = true;
       locations."/".extraConfig = ''
         proxy_set_header Upgrade $http_upgrade;
         proxy_set_header Connection "upgrade";
author	lassulus <lassulus@lassul.us>	2021-12-09 14:30:25 +0100
committer	lassulus <lassulus@lassul.us>	2021-12-09 14:30:25 +0100
commit	fba330ab36ed3f0c5f5b01a1c434ed9e8281846a (patch)
tree	3e8bb63e664713375b4f3e2dece81247f2db1c51 /krebs/2configs
parent	08cdf8a6d50da48bf87f7bb7a40bbb4d94c9c7df (diff)