Merge remote-tracking branch 'lass/master'

author: makefu <github@syntax-fehler.de> 2017-11-28 20:28:35 +0100
committer: makefu <github@syntax-fehler.de> 2017-11-28 20:28:35 +0100
commit: 7180f25b35b0cd5f853356ba635c5b8366c4da63 (patch)
tree: 43eb31e59e8f7718214cd8746e15d3914cdc6678 /lass/2configs/websites/lassulus.nix
parent: 65825bd5ce47504ec9596c0f951eb752999e75f4 (diff)
parent: 635543efe237e79202cc95db6f303699cadd0c85 (diff)
1 files changed, 18 insertions, 1 deletions
diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix
index 6e185a4d6..77f0c79e3 100644
--- a/lass/2configs/websites/lassulus.nix
+++ b/lass/2configs/websites/lassulus.nix
@@ -147,12 +147,29 @@ in {
     in ''
       alias ${initscript};
     '';
+    locations."/pub".extraConfig = ''
+      alias ${pkgs.writeText "pub" config.krebs.users.lass.pubkey};
+    '';
+  };
+
+  security.acme.certs."cgit.lassul.us" = {
+    email = "lassulus@gmail.com";
+    webroot = "/var/lib/acme/acme-challenges";
+    plugins = [
+      "account_key.json"
+      "key.pem"
+      "fullchain.pem"
+    ];
+    group = "nginx";
+    allowKeysForGroup = true;
   };
 
+
   services.nginx.virtualHosts.cgit = {
     serverName = "cgit.lassul.us";
     addSSL = true;
-    enableACME = true;
+    sslCertificate = "/var/lib/acme/cgit.lassul.us/fullchain.pem";
+    sslCertificateKey = "/var/lib/acme/cgit.lassul.us/key.pem";
   };
 
   users.users.blog = {
author	makefu <github@syntax-fehler.de>	2017-11-28 20:28:35 +0100
committer	makefu <github@syntax-fehler.de>	2017-11-28 20:28:35 +0100
commit	7180f25b35b0cd5f853356ba635c5b8366c4da63 (patch)
tree	43eb31e59e8f7718214cd8746e15d3914cdc6678 /lass/2configs/websites/lassulus.nix
parent	65825bd5ce47504ec9596c0f951eb752999e75f4 (diff)
parent	635543efe237e79202cc95db6f303699cadd0c85 (diff)