authorlassulus <git@lassul.us>2023-12-12 16:43:46 +0100
committerlassulus <git@lassul.us>2023-12-12 16:43:46 +0100
commit25d035de777df95cd0c809e647d942a75d5a4906 (patch)
treefbacfc3b6118d5c7e68f5d0f78d52e80433ab2ec
parentd165a0871caadf7686f5ca56a54ea0e95b2698eb (diff)
hotdog: add nginx config for acme in container
-rw-r--r--krebs/1systems/hotdog/config.nix1
-rw-r--r--krebs/2configs/nginx.nix24
2 files changed, 25 insertions, 0 deletions
diff --git a/krebs/1systems/hotdog/config.nix b/krebs/1systems/hotdog/config.nix
index 75a8a0da1..0a103ed1a 100644
--- a/krebs/1systems/hotdog/config.nix
+++ b/krebs/1systems/hotdog/config.nix
@@ -4,6 +4,7 @@
imports = [
../../../krebs
../../../krebs/2configs
+ ../../../krebs/2configs/nginx.nix
../../../krebs/2configs/buildbot-stockholm.nix
../../../krebs/2configs/binary-cache/nixos.nix
diff --git a/krebs/2configs/nginx.nix b/krebs/2configs/nginx.nix
new file mode 100644
index 000000000..812093a7e
--- /dev/null
+++ b/krebs/2configs/nginx.nix
@@ -0,0 +1,24 @@
+{
+ networking.firewall.allowedTCPPorts = [ 80 443 ];
+ security.acme.acceptTerms = true;
+ security.acme.defaults.email = "spam@krebsco.de";
+
+ services.nginx = {
+ enable = true;
+ recommendedGzipSettings = true;
+ recommendedOptimisation = true;
+ recommendedTlsSettings = true;
+
+ enableReload = true;
+
+ virtualHosts.default = {
+ default = true;
+ locations."= /etc/os-release".extraConfig = ''
+ default_type text/plain;
+ alias /etc/os-release;
+ '';
+ # needed for acmeFallback in sync-containers, or other machines not reachable globally
+ locations."~ ^/.well-known/acme-challenge/".root = "/var/lib/acme/acme-challenge";
+ };
+ };
+}
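Review bot: The `locations."= /etc/os-release"` entry on the default vhost serves the host's os-release file to every client that can reach ports 80/443, which this same file opens in the firewall, so the distribution and release version of each machine importing it are readable without authentication. If this is only meant as a reachability probe, a fixed response such as `return 204;` in that `extraConfig` would do the same job without the version details; otherwise add `allow <internal-cidr>; deny all;` (placeholder range) to it. Separately, the ACME location is a regex with an unescaped dot; the prefix form `locations."^~ /.well-known/acme-challenge/".root` matches only the literal path and still takes precedence over other regex locations.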