diff options
author | lassulus <lassulus@lassul.us> | 2021-10-12 15:35:52 +0200 |
---|---|---|
committer | lassulus <lassulus@lassul.us> | 2021-10-12 17:14:27 +0200 |
commit | 55bdc0f653b398d49c5c95d98da797b2b8d5393e (patch) | |
tree | 8552f62541b07a807ff15ebac1d59636f50555dc | |
parent | e4793149c011da50a4ff2b44fbe80aef83936d47 (diff) |
l codimd: set domain and serve via ssl
-rw-r--r-- | lass/2configs/codimd.nix | 39 |
1 files changed, 28 insertions, 11 deletions
diff --git a/lass/2configs/codimd.nix b/lass/2configs/codimd.nix index d29a65210..070781a31 100644 --- a/lass/2configs/codimd.nix +++ b/lass/2configs/codimd.nix @@ -1,27 +1,44 @@ { config, pkgs, lib, ... }: with import <stockholm/lib>; -{ - services.nginx.virtualHosts.codimd = { +let + domain = "codi.lassul.us"; +in { + services.nginx.virtualHosts.${domain} = { enableACME = true; - addSSL = true; - serverName = "codi.lassul.us"; - locations."/".extraConfig = '' - client_max_body_size 4G; - proxy_set_header Host $host; - proxy_pass http://localhost:3091; - ''; + forceSSL = true; + locations."/" = { + proxyPass = "https://localhost:3091"; + proxyWebsockets = true; + }; + }; + + security.acme.certs.${domain}.group = "hedgecert"; + users.groups.hedgecert.members = [ "codimd" "nginx" ]; + + security.dhparams = { + enable = true; + params.hedgedoc = {}; }; services.hedgedoc = { enable = true; - configuration.allowOrigin = [ "*" ]; + configuration.allowOrigin = [ domain ]; configuration = { db = { dialect = "sqlite"; storage = "/var/lib/codimd/db.codimd.sqlite"; - useCDN = false; }; + useCDN = false; port = 3091; + domain = domain; + allowFreeURL = true; + + useSSL = true; + protocolUseSSL = true; + sslCAPath = [ "/etc/ssl/certs/ca-certificates.crt" ]; + sslCertPath = "/var/lib/acme/${domain}/cert.pem"; + sslKeyPath = "/var/lib/acme/${domain}/key.pem"; + dhParamPath = config.security.dhparams.params.hedgedoc.path; }; }; } |