summaryrefslogtreecommitdiffstats
path: root/lass/1systems/prism.nix
diff options
context:
space:
mode:
Diffstat (limited to 'lass/1systems/prism.nix')
-rw-r--r--lass/1systems/prism.nix22
1 files changed, 17 insertions, 5 deletions
diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix
index 5477a8b86..ed8c2995f 100644
--- a/lass/1systems/prism.nix
+++ b/lass/1systems/prism.nix
@@ -1,5 +1,7 @@
{ config, lib, pkgs, ... }:
+with config.krebs.lib;
+
let
ip = config.krebs.build.host.nets.internet.ip4.addr;
@@ -24,11 +26,22 @@ in {
{
imports = [
../2configs/git.nix
- ( manageCerts [ "cgit.lassul.us" ])
- ];
- krebs.nginx.servers.cgit.server-names = [
- "cgit.lassul.us"
];
+ krebs.nginx.servers.cgit = {
+ server-names = [
+ "cgit.lassul.us"
+ ];
+ locations = [
+ (nameValuePair "/.well-known/acme-challenge" ''
+ root /var/lib/acme/challenges/cgit.lassul.us/;
+ '')
+ ];
+ ssl = {
+ enable = true;
+ certificate = "/var/lib/acme/cgit.lassul.us/fullchain.pem";
+ certificate_key = "/var/lib/acme/cgit.lassul.us/key.pem";
+ };
+ };
}
{
users.extraGroups = {
@@ -189,7 +202,6 @@ in {
lass.ejabberd = {
enable = true;
hosts = [ "lassul.us" ];
- certfile = "/var/lib/acme/lassul.us/full.pem";
};
krebs.iptables.tables.filter.INPUT.rules = [
{ predicate = "-p tcp --dport xmpp-client"; target = "ACCEPT"; }