Merge remote-tracking branch 'gum/master'

author: lassulus <lassulus@lassul.us> 2022-09-26 15:36:25 +0200
committer: lassulus <lassulus@lassul.us> 2022-09-26 15:36:25 +0200
commit: 059a5b48af9f6c21c3c442bb0fc35d2105d3b682 (patch)
tree: 15de5c35d213d677bc2b294fc411d0f43dc536b2 /makefu/2configs/bgt/download.binaergewitter.de.nix
parent: 4d7aacdd1c2a8cc9f6d826cb7e3bb2bc10e36a5e (diff)
parent: 5b9d7e47c3f1877bcffdf2aafac712451db43d61 (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/makefu/2configs/bgt/download.binaergewitter.de.nix b/makefu/2configs/bgt/download.binaergewitter.de.nix
index 1cf21f213..d49ad158b 100644
--- a/makefu/2configs/bgt/download.binaergewitter.de.nix
+++ b/makefu/2configs/bgt/download.binaergewitter.de.nix
@@ -59,6 +59,11 @@ in {
   systemd.services.nginx.serviceConfig.ReadWritePaths = [
     "/var/spool/nginx/logs/"
   ];
+  security.acme.certs."download.binaergewitter.de" = {
+    dnsProvider = "cloudflare";
+    credentialsFile = toString <secrets/lego-binaergewitter>;
+    webroot = lib.mkForce null;
+  };
 
   services.nginx = {
     appendHttpConfig = ''
@@ -70,6 +75,8 @@ in {
     recommendedGzipSettings = true;
     recommendedOptimisation = true;
     virtualHosts."download.binaergewitter.de" = {
+      addSSL = true;
+      enableACME = true;
         serverAliases = [ "dl2.binaergewitter.de" ];
         root = "/var/www/binaergewitter";
         extraConfig = ''
author	lassulus <lassulus@lassul.us>	2022-09-26 15:36:25 +0200
committer	lassulus <lassulus@lassul.us>	2022-09-26 15:36:25 +0200
commit	059a5b48af9f6c21c3c442bb0fc35d2105d3b682 (patch)
tree	15de5c35d213d677bc2b294fc411d0f43dc536b2 /makefu/2configs/bgt/download.binaergewitter.de.nix
parent	4d7aacdd1c2a8cc9f6d826cb7e3bb2bc10e36a5e (diff)
parent	5b9d7e47c3f1877bcffdf2aafac712451db43d61 (diff)