summaryrefslogtreecommitdiffstats
path: root/lass
diff options
context:
space:
mode:
authorlassulus <lassulus@lassul.us>2023-01-09 20:37:40 +0100
committerlassulus <lassulus@lassul.us>2023-01-09 20:37:40 +0100
commit2818476f710410f1c752ce12becce10be0a8a293 (patch)
tree7170248572e340bc49cdfc60f71c65f4a9711e39 /lass
parent5443f408973543d4228215edbd60c4c1082c1315 (diff)
l yellow.r: add acme ssl to yellow.r, radar.r and sonar.r
Diffstat (limited to 'lass')
-rw-r--r--lass/1systems/yellow/config.nix17
1 files changed, 16 insertions, 1 deletions
diff --git a/lass/1systems/yellow/config.nix b/lass/1systems/yellow/config.nix
index 72e2e0e85..06561e9cf 100644
--- a/lass/1systems/yellow/config.nix
+++ b/lass/1systems/yellow/config.nix
@@ -34,6 +34,12 @@ in {
};
};
+ security.acme.defaults.email = "spam@krebsco.de";
+ security.acme.acceptTerms = true;
+ security.acme.certs."yellow.r".server = config.krebs.ssl.acmeURL;
+ security.acme.certs."jelly.r".server = config.krebs.ssl.acmeURL;
+ security.acme.certs."radar.r".server = config.krebs.ssl.acmeURL;
+ security.acme.certs."sonar.r".server = config.krebs.ssl.acmeURL;
services.nginx = {
enable = true;
package = pkgs.nginx.override {
@@ -41,8 +47,10 @@ in {
fancyindex
];
};
- virtualHosts.default = {
+ virtualHosts."yellow.r" = {
default = true;
+ enableACME = true;
+ addSSL = true;
locations."/" = {
root = "/var/download";
extraConfig = ''
@@ -137,18 +145,24 @@ in {
'';
};
virtualHosts."jelly.r" = {
+ enableACME = true;
+ addSSL = true;
locations."/".extraConfig = ''
proxy_pass http://localhost:8096/;
proxy_set_header Accept-Encoding "";
'';
};
virtualHosts."radar.r" = {
+ enableACME = true;
+ addSSL = true;
locations."/" = {
proxyWebsockets = true;
proxyPass = "http://localhost:7878";
};
};
virtualHosts."sonar.r" = {
+ enableACME = true;
+ addSSL = true;
locations."/" = {
proxyWebsockets = true;
proxyPass = "http://localhost:8989";
@@ -227,6 +241,7 @@ in {
enable = true;
tables.filter.INPUT.rules = [
{ predicate = "-p tcp --dport 80"; target = "ACCEPT"; } # nginx web dir
+ { predicate = "-p tcp --dport 443"; target = "ACCEPT"; } # nginx web dir
{ predicate = "-p tcp --dport 9091"; target = "ACCEPT"; } # transmission-web
{ predicate = "-p tcp --dport 51413"; target = "ACCEPT"; } # transmission-traffic
{ predicate = "-p udp --dport 51413"; target = "ACCEPT"; } # transmission-traffic