author | lassulus <lass@aidsballs.de> | 2016-07-07 23:33:18 +0200 |
---|---|---|
committer | lassulus <lass@aidsballs.de> | 2016-07-07 23:33:18 +0200 |
commit | f4b2262c7eb07a4b66a9352e9851e9e94c13b540 (patch) | |
tree | 3c42557a71d240ec242af36cabb3a618aad0665d /tv/1systems/cd.nix | |
parent | 0ff8c0416ed838a1155ecc015d81708bb72ea1d3 (diff) | |
parent | f7d966043d04d73df719cbe6c13e4c1aa16bb7f7 (diff) |
Merge remote-tracking branch 'cd/master'
Diffstat (limited to 'tv/1systems/cd.nix')
-rw-r--r-- | tv/1systems/cd.nix | 58 |
1 files changed, 41 insertions, 17 deletions
diff --git a/tv/1systems/cd.nix b/tv/1systems/cd.nix
index a46edb4d9..2ad4a1505 100644
--- a/tv/1systems/cd.nix
+++ b/tv/1systems/cd.nix
@@ -44,20 +44,50 @@ with config.krebs.lib;
 "cgit.cd.viljetic.de"
 ];
 # TODO make public_html also available to cd, cd.retiolum (AKA default)
- krebs.nginx.servers.public_html = {
- server-names = singleton "cd.viljetic.de";
- locations = singleton (nameValuePair "~ ^/~(.+?)(/.*)?\$" ''
- alias /home/$1/public_html$2;
- '');
+ krebs.nginx.servers."https://viljetic.de" = {
+ server-names = singleton "viljetic.de";
+ listen = mkForce []; # disable default
+ ssl = {
+ enable = true;
+ certificate = "/var/lib/acme/viljetic.de/fullchain.pem";
+ certificate_key = "/var/lib/acme/viljetic.de/key.pem";
+ };
+ locations = [
+ (nameValuePair "/" ''
+ root ${pkgs.viljetic-pages};
+ '')
+ (nameValuePair "~ ^/~(.+?)(/.*)?\$" ''
+ alias /home/$1/public_html$2;
+ '')
+ ];
 };
- krebs.nginx.servers.viljetic = {
+ krebs.nginx.servers."http://viljetic.de" = {
 server-names = singleton "viljetic.de";
- # TODO directly set root (instead via location)
- locations = singleton (nameValuePair "/" ''
- root ${pkgs.viljetic-pages};
- '');
+ locations = [
+ (nameValuePair "/.well-known/acme-challenge/" ''
+ root /var/lib/acme/challenges/viljetic.de/;
+ '')
+ (nameValuePair "/" ''
+ return 301 https://viljetic.de$request_uri;
+ '')
+ ];
+ };
+ security.acme = {
+ certs."viljetic.de" = {
+ email = "tomislav@viljetic.de";
+ webroot = "/var/lib/acme/challenges/viljetic.de";
+ plugins = [
+ "account_key.json"
+ "key.pem"
+ "fullchain.pem"
+ ];
+ user = "nginx";
+ };
 };
- tv.iptables.input-internet-accept-tcp = singleton "http";
+ tv.iptables.input-internet-accept-tcp = [
+ "http"
+ "https"
+ ];
 }
 ];
@@ -78,13 +108,7 @@ with config.krebs.lib;
 iotop
 iptables
 nethogs
- ntp # ntpate
 rxvt_unicode.terminfo
 tcpdump
 ];
-
- services.journald.extraConfig = ''
- SystemMaxUse=1G
- RuntimeMaxUse=128M
- '';
 } |
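Review bot: `user = "nginx";` under `security.acme.certs."viljetic.de"` hands `account_key.json` and `key.pem` to what is presumably the account the web server runs as, so the process that parses untrusted requests can read, and possibly rewrite, the TLS private key and the ACME account key. The same HTTPS server also maps `/~name/…` onto `/home/$1/public_html$2`, which widens the set of paths through which an nginx-readable file can be served. Consider keeping the ACME client on a separate account and giving nginx read-only access through a group, e.g. `group = "nginx";` in place of the `user` line; confirm that the module revision in use makes `key.pem` group-readable in that setup. Separately, the capture `(.+?)` in the `alias` location could be narrowed to `([^/]+)` so `$1` can only ever be a single path component. The list that this attribute set belongs to opens above the hunk, so how these options merge with the rest of the host config is not visible here.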