authorlassulus <lass@aidsballs.de>2016-07-07 23:33:18 +0200
committerlassulus <lass@aidsballs.de>2016-07-07 23:33:18 +0200
commitf4b2262c7eb07a4b66a9352e9851e9e94c13b540 (patch)
tree3c42557a71d240ec242af36cabb3a618aad0665d /tv/1systems/cd.nix
parent0ff8c0416ed838a1155ecc015d81708bb72ea1d3 (diff)
parentf7d966043d04d73df719cbe6c13e4c1aa16bb7f7 (diff)
Merge remote-tracking branch 'cd/master'
Diffstat (limited to 'tv/1systems/cd.nix')
-rw-r--r--tv/1systems/cd.nix58
1 files changed, 41 insertions, 17 deletions
diff --git a/tv/1systems/cd.nix b/tv/1systems/cd.nix
index a46edb4d9..2ad4a1505 100644
--- a/tv/1systems/cd.nix
+++ b/tv/1systems/cd.nix
@@ -44,20 +44,50 @@ with config.krebs.lib;
"cgit.cd.viljetic.de"
];
# TODO make public_html also available to cd, cd.retiolum (AKA default)
- krebs.nginx.servers.public_html = {
- server-names = singleton "cd.viljetic.de";
- locations = singleton (nameValuePair "~ ^/~(.+?)(/.*)?\$" ''
- alias /home/$1/public_html$2;
- '');
+ krebs.nginx.servers."https://viljetic.de" = {
+ server-names = singleton "viljetic.de";
+ listen = mkForce []; # disable default
+ ssl = {
+ enable = true;
+ certificate = "/var/lib/acme/viljetic.de/fullchain.pem";
+ certificate_key = "/var/lib/acme/viljetic.de/key.pem";
+ };
+ locations = [
+ (nameValuePair "/" ''
+ root ${pkgs.viljetic-pages};
+ '')
+ (nameValuePair "~ ^/~(.+?)(/.*)?\$" ''
+ alias /home/$1/public_html$2;
+ '')
+ ];
};
- krebs.nginx.servers.viljetic = {
+ krebs.nginx.servers."http://viljetic.de" = {
server-names = singleton "viljetic.de";
- # TODO directly set root (instead via location)
- locations = singleton (nameValuePair "/" ''
- root ${pkgs.viljetic-pages};
- '');
+ locations = [
+ (nameValuePair "/.well-known/acme-challenge/" ''
+ root /var/lib/acme/challenges/viljetic.de/;
+ '')
+ (nameValuePair "/" ''
+ return 301 https://viljetic.de$request_uri;
+ '')
+ ];
+ };
+ security.acme = {
+ certs."viljetic.de" = {
+ email = "tomislav@viljetic.de";
+ webroot = "/var/lib/acme/challenges/viljetic.de";
+ plugins = [
+ "account_key.json"
+ "key.pem"
+ "fullchain.pem"
+ ];
+ user = "nginx";
+ };
};
- tv.iptables.input-internet-accept-tcp = singleton "http";
+ tv.iptables.input-internet-accept-tcp = [
+ "http"
+ "https"
+ ];
}
];
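Review bot: The new `security.acme` entry sets `user = "nginx"`, so `key.pem` and `account_key.json` are owned by the same account that serves `alias /home/$1/public_html$2;` in the HTTPS server, and content under each `public_html` is controlled by local users. I would add `disable_symlinks if_not_owner;` next to that `alias` line and constrain the capture to a username-shaped segment, e.g. `~ ^/~([a-z_][a-z0-9_-]*)(/.*)?\$`, so `$1` cannot be `..` or contain a slash. If the nginx master loads the certificate as root (not visible in this hunk), the key and account key could stay root-owned, with only the challenge webroot handed to the ACME user. The enclosing attribute set starts above the hunk, so the `krebs.nginx` module's defaults for `ssl` and `listen` are not visible here.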
@@ -78,13 +108,7 @@ with config.krebs.lib;
iotop
iptables
nethogs
- ntp # ntpate
rxvt_unicode.terminfo
tcpdump
];
-
- services.journald.extraConfig = ''
- SystemMaxUse=1G
- RuntimeMaxUse=128M
- '';
}