From 2818476f710410f1c752ce12becce10be0a8a293 Mon Sep 17 00:00:00 2001 From: lassulus Date: Mon, 9 Jan 2023 20:37:40 +0100 Subject: l yellow.r: add acme ssl to yellow.r, radar.r and sonar.r --- lass/1systems/yellow/config.nix | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) (limited to 'lass/1systems/yellow/config.nix') diff --git a/lass/1systems/yellow/config.nix b/lass/1systems/yellow/config.nix index 72e2e0e85..06561e9cf 100644 --- a/lass/1systems/yellow/config.nix +++ b/lass/1systems/yellow/config.nix @@ -34,6 +34,12 @@ in { }; }; + security.acme.defaults.email = "spam@krebsco.de"; + security.acme.acceptTerms = true; + security.acme.certs."yellow.r".server = config.krebs.ssl.acmeURL; + security.acme.certs."jelly.r".server = config.krebs.ssl.acmeURL; + security.acme.certs."radar.r".server = config.krebs.ssl.acmeURL; + security.acme.certs."sonar.r".server = config.krebs.ssl.acmeURL; services.nginx = { enable = true; package = pkgs.nginx.override { @@ -41,8 +47,10 @@ in { fancyindex ]; }; - virtualHosts.default = { + virtualHosts."yellow.r" = { default = true; + enableACME = true; + addSSL = true; locations."/" = { root = "/var/download"; extraConfig = '' @@ -137,18 +145,24 @@ in { ''; }; virtualHosts."jelly.r" = { + enableACME = true; + addSSL = true; locations."/".extraConfig = '' proxy_pass http://localhost:8096/; proxy_set_header Accept-Encoding ""; ''; }; virtualHosts."radar.r" = { + enableACME = true; + addSSL = true; locations."/" = { proxyWebsockets = true; proxyPass = "http://localhost:7878"; }; }; virtualHosts."sonar.r" = { + enableACME = true; + addSSL = true; locations."/" = { proxyWebsockets = true; proxyPass = "http://localhost:8989"; @@ -227,6 +241,7 @@ in { enable = true; tables.filter.INPUT.rules = [ { predicate = "-p tcp --dport 80"; target = "ACCEPT"; } # nginx web dir + { predicate = "-p tcp --dport 443"; target = "ACCEPT"; } # nginx web dir { predicate = "-p tcp --dport 9091"; target = "ACCEPT"; } # transmission-web { predicate = "-p tcp --dport 51413"; target = "ACCEPT"; } # transmission-traffic { predicate = "-p udp --dport 51413"; target = "ACCEPT"; } # transmission-traffic -- cgit v1.2.3