author | lassulus <git@lassul.us> | 2023-12-12 16:43:46 +0100 |
---|---|---|
committer | lassulus <git@lassul.us> | 2023-12-12 16:43:46 +0100 |
commit | 25d035de777df95cd0c809e647d942a75d5a4906 (patch) | |
tree | fbacfc3b6118d5c7e68f5d0f78d52e80433ab2ec | |
parent | d165a0871caadf7686f5ca56a54ea0e95b2698eb (diff) |
hotdog: add nginx config for acme in container
-rw-r--r-- | krebs/1systems/hotdog/config.nix | 1 | ||||
-rw-r--r-- | krebs/2configs/nginx.nix | 24 |
2 files changed, 25 insertions, 0 deletions
diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix
index 75a8a0da1..0a103ed1a 100644
--- a/krebs/1systems/hotdog/config.nix
+++ b/krebs/1systems/hotdog/config.nix
@@ -4,6 +4,7 @@
 imports = [
 ../../../krebs
 ../../../krebs/2configs
+ ../../../krebs/2configs/nginx.nix
 ../../../krebs/2configs/buildbot-stockholm.nix
 ../../../krebs/2configs/binary-cache/nixos.nix
diff --git a/krebs/2configs/nginx.nix b/krebs/2configs/nginx.nix
new file mode 100644
index 000000000..812093a7e
--- /dev/null
+++ b/krebs/2configs/nginx.nix
@@ -0,0 +1,24 @@
+{
+ networking.firewall.allowedTCPPorts = [ 80 443 ];
+ security.acme.acceptTerms = true;
+ security.acme.defaults.email = "spam@krebsco.de";
+
+ services.nginx = {
+ enable = true;
+ recommendedGzipSettings = true;
+ recommendedOptimisation = true;
+ recommendedTlsSettings = true;
+
+ enableReload = true;
+
+ virtualHosts.default = {
+ default = true;
+ locations."= /etc/os-release".extraConfig = ''
+ default_type text/plain;
+ alias /etc/os-release;
+ '';
+ # needed for acmeFallback in sync-containers, or other machines not reachable globally
+ locations."~ ^/.well-known/acme-challenge/".root = "/var/lib/acme/acme-challenge";
+ };
+ };
+}
|
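Review bot: The default vhost in krebs/2configs/nginx.nix answers any Host header and serves `/etc/os-release` without access control, while the same file opens ports 80 and 443 in the firewall, so the host's exact OS release becomes readable to anyone who can reach it. If the endpoint is only meant for internal monitoring, restrict it inside that `extraConfig` with `allow <internal-range>;` followed by `deny all;` (the range is a placeholder), or drop the location. The challenge location is a regex whose `.` in `.well-known` is unescaped and matches any character; the prefix form `locations."^~ /.well-known/acme-challenge/"` is stricter and stops nginx from consulting other regex locations for these requests. Port 443 is opened although the default vhost declares no certificate, so it is worth confirming that a TLS-enabled vhost is actually meant to listen there.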