Diffstat (limited to 'os/kay/modules')
-rw-r--r-- | os/kay/modules/acme.nix | 31 | ||||
-rw-r--r-- | os/kay/modules/www.nix | 20 |
2 files changed, 44 insertions, 7 deletions
diff --git a/os/kay/modules/acme.nix b/os/kay/modules/acme.nix index 00819e7..86ae165 100644 --- a/os/kay/modules/acme.nix +++ b/os/kay/modules/acme.nix @@ -2,22 +2,39 @@ email = config.global.userdata.email; domain = config.global.userdata.domain; + domain_angelo = "angeloantony.com"; + secret_path_angelo = "misc/angelo_cloudflare_dns_api_token"; + environmentFile = pkgs.writeText "acme-dns" "RFC2136_NAMESERVER='[2001:470:ee65::1]:53'"; in { + sops.secrets.${secret_path_angelo} = {}; + security.acme = { acceptTerms = true; defaults.email = email; - certs.${domain} = { - inherit domain; - extraDomainNames = [ "*.${domain}" ]; + certs = { + ${domain_angelo} = { + domain = domain_angelo; + extraDomainNames = [ "*.${domain_angelo}" ]; + + dnsProvider = "cloudflare"; + credentialFiles.CLOUDFLARE_DNS_API_TOKEN_FILE = config.sops.secrets.${secret_path_angelo}.path; + + group = config.services.nginx.group; + }; + + ${domain} = { + inherit domain; + extraDomainNames = [ "*.${domain}" ]; - dnsProvider = "rfc2136"; - dnsPropagationCheck = false; # local DNS server + dnsProvider = "rfc2136"; + dnsPropagationCheck = false; # local DNS server - inherit environmentFile; - group = config.services.nginx.group; + inherit environmentFile; + group = config.services.nginx.group; + }; }; }; } diff --git a/os/kay/modules/www.nix b/os/kay/modules/www.nix index 2ab70aa..3903396 100644 --- a/os/kay/modules/www.nix +++ b/os/kay/modules/www.nix @@ -2,6 +2,10 @@ let domain = config.global.userdata.domain; + + domain_angelo = "angeloantony.com"; + ip_angelo = "10.0.1.6"; + storage = "/hdd/users/sftp/shr"; in { 
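Review bot: Nothing at `credentialFiles.CLOUDFLARE_DNS_API_TOKEN_FILE` in the acme.nix hunk records what the Cloudflare token is permitted to do, and this host now holds a DNS-write credential for a second zone. Passing it as a sops-managed credential file keeps the token out of the world-readable Nix store, which is the right mechanism; what the diff cannot show is the token's own scope. I would add a comment above that line such as `# token must be limited to DNS edit on the angeloantony.com zone only`, so that a later rotation does not swap in an account-wide token. The wildcard certificate's key is also made readable by the nginx group through `group = config.services.nginx.group`, as for the existing cert.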
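Review bot: `domain_angelo = "angeloantony.com"` is now written as a literal in both acme.nix and the first www.nix hunk, while `domain` in the same `let` is read from `config.global.userdata`. `useACMEHost = domain_angelo` in the second www.nix hunk depends on this literal staying identical to the `certs` key in acme.nix, so an edit to one file alone would presumably leave the vhost pointing at a certificate that is not defined. Consider a single shared option next to `config.global.userdata.domain`, or at least add `# must match domain_angelo in acme.nix` beside the definition here.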
@@ -94,6 +98,22 @@ in }; }; + ".${domain_angelo}" = defaultOpts // { + useACMEHost = domain_angelo; + + extraConfig = '' + proxy_buffering off; + proxy_request_buffering off; + client_max_body_size 0; + ''; + + locations."/" = { + proxyWebsockets = true; + proxyPass = + "http://${ip_angelo}"; + }; + }; + "${config.services.grafana.settings.server.domain}" = defaultOpts // { extraConfig = '' proxy_buffering off; |
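Review bot: `client_max_body_size 0;` together with `proxy_request_buffering off;` removes nginx's request-size limit for this vhost, and the server name `".${domain_angelo}"` matches the apex and every subdomain, so a request for any hostname under the domain can stream an unbounded body to `http://${ip_angelo}`. If the backend does not need unlimited uploads, set a finite value such as `client_max_body_size 1g;` (illustrative figure); otherwise add a Nix comment above `extraConfig` like `# body limit disabled: the backend must enforce its own upload cap`. The hop to `ip_angelo` is plain HTTP, which is acceptable only if that network segment is trusted; `defaultOpts` and the enclosing `virtualHosts` set lie outside the hunk, so the forwarded headers and TLS settings cannot be checked from here.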