From fba330ab36ed3f0c5f5b01a1c434ed9e8281846a Mon Sep 17 00:00:00 2001 From: lassulus Date: Thu, 9 Dec 2021 14:30:25 +0100 Subject: wiki.r: add acme ssl config --- krebs/2configs/wiki.nix | 8 +++++--- krebs/3modules/krebs/default.nix | 1 - 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/krebs/2configs/wiki.nix b/krebs/2configs/wiki.nix index 9952ed394..e7faca1f4 100644 --- a/krebs/2configs/wiki.nix +++ b/krebs/2configs/wiki.nix @@ -38,11 +38,13 @@ in systemd.services.gollum.environment.LC_ALL = "en_US.UTF-8"; - networking.firewall.allowedTCPPorts = [ 80 ]; + networking.firewall.allowedTCPPorts = [ 80 443 ]; + security.acme.certs."wiki.r".server = config.krebs.ssl.acmeURL; services.nginx = { enable = true; - virtualHosts.wiki = { - serverAliases = [ "wiki.r" "wiki.${config.networking.hostName}.r" ]; + virtualHosts."wiki.r" = { + enableACME = true; + addSSL = true; locations."/".extraConfig = '' proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; diff --git a/krebs/3modules/krebs/default.nix b/krebs/3modules/krebs/default.nix index 35ed67f5f..1b5d903cb 100644 --- a/krebs/3modules/krebs/default.nix +++ b/krebs/3modules/krebs/default.nix @@ -80,7 +80,6 @@ in { "cgit.hotdog.r" "irc.r" "wiki.r" - "wiki.hotdog.r" ]; tinc.port = 0; tinc.pubkey = '' -- cgit v1.2.3