diff options
author | lassulus <lassulus@lassul.us> | 2021-12-09 14:30:25 +0100 |
---|---|---|
committer | lassulus <lassulus@lassul.us> | 2021-12-09 14:30:25 +0100 |
commit | fba330ab36ed3f0c5f5b01a1c434ed9e8281846a (patch) | |
tree | 3e8bb63e664713375b4f3e2dece81247f2db1c51 /krebs | |
parent | 08cdf8a6d50da48bf87f7bb7a40bbb4d94c9c7df (diff) |
wiki.r: add acme ssl config
Diffstat (limited to 'krebs')
-rw-r--r-- | krebs/2configs/wiki.nix | 8 | ||||
-rw-r--r-- | krebs/3modules/krebs/default.nix | 1 |
2 files changed, 5 insertions, 4 deletions
diff --git a/krebs/2configs/wiki.nix b/krebs/2configs/wiki.nix index 9952ed394..e7faca1f4 100644 --- a/krebs/2configs/wiki.nix +++ b/krebs/2configs/wiki.nix @@ -38,11 +38,13 @@ in systemd.services.gollum.environment.LC_ALL = "en_US.UTF-8"; - networking.firewall.allowedTCPPorts = [ 80 ]; + networking.firewall.allowedTCPPorts = [ 80 443 ]; + security.acme.certs."wiki.r".server = config.krebs.ssl.acmeURL; services.nginx = { enable = true; - virtualHosts.wiki = { - serverAliases = [ "wiki.r" "wiki.${config.networking.hostName}.r" ]; + virtualHosts."wiki.r" = { + enableACME = true; + addSSL = true; locations."/".extraConfig = '' proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; diff --git a/krebs/3modules/krebs/default.nix b/krebs/3modules/krebs/default.nix index 35ed67f5f..1b5d903cb 100644 --- a/krebs/3modules/krebs/default.nix +++ b/krebs/3modules/krebs/default.nix @@ -80,7 +80,6 @@ in { "cgit.hotdog.r" "irc.r" "wiki.r" - "wiki.hotdog.r" ]; tinc.port = 0; tinc.pubkey = '' |