summaryrefslogtreecommitdiffstats
path: root/krebs
diff options
context:
space:
mode:
authorlassulus <lassulus@lassul.us>2021-12-09 14:30:25 +0100
committerlassulus <lassulus@lassul.us>2021-12-09 14:30:25 +0100
commitfba330ab36ed3f0c5f5b01a1c434ed9e8281846a (patch)
tree3e8bb63e664713375b4f3e2dece81247f2db1c51 /krebs
parent08cdf8a6d50da48bf87f7bb7a40bbb4d94c9c7df (diff)
wiki.r: add acme ssl config
Diffstat (limited to 'krebs')
-rw-r--r--krebs/2configs/wiki.nix8
-rw-r--r--krebs/3modules/krebs/default.nix1
2 files changed, 5 insertions, 4 deletions
diff --git a/krebs/2configs/wiki.nix b/krebs/2configs/wiki.nix
index 9952ed394..e7faca1f4 100644
--- a/krebs/2configs/wiki.nix
+++ b/krebs/2configs/wiki.nix
@@ -38,11 +38,13 @@ in
systemd.services.gollum.environment.LC_ALL = "en_US.UTF-8";
- networking.firewall.allowedTCPPorts = [ 80 ];
+ networking.firewall.allowedTCPPorts = [ 80 443 ];
+ security.acme.certs."wiki.r".server = config.krebs.ssl.acmeURL;
services.nginx = {
enable = true;
- virtualHosts.wiki = {
- serverAliases = [ "wiki.r" "wiki.${config.networking.hostName}.r" ];
+ virtualHosts."wiki.r" = {
+ enableACME = true;
+ addSSL = true;
locations."/".extraConfig = ''
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
diff --git a/krebs/3modules/krebs/default.nix b/krebs/3modules/krebs/default.nix
index 35ed67f5f..1b5d903cb 100644
--- a/krebs/3modules/krebs/default.nix
+++ b/krebs/3modules/krebs/default.nix
@@ -80,7 +80,6 @@ in {
"cgit.hotdog.r"
"irc.r"
"wiki.r"
- "wiki.hotdog.r"
];
tinc.port = 0;
tinc.pubkey = ''