AtaraxiaDev/nixos-config
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

add cert to nginx

Browse Source
This commit is contained in:
Dmitriy Kholkin 2021-10-26 02:31:54 +03:00
parent 8167c98703
commit 90c6d24d2b
1 changed files with 24 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
profiles/servers/nginx.nix
View File

@ -1,4 +1,23 @@
{ pkgs, config, lib, ... }: {
{ pkgs, config, lib, ... }:
let
# creds = pkgs.writeTextFile {
# name = "cloudflare.env";
# # text = builtins.readFile ./secret/acme-cf.env;
# text = config.secrets."cloudflare.env".decrypted;
# };
in {
# security.acme = {
# email = "ataraxiadev@ataraxiadev.com";
# acceptTerms = true;
# certs."ataraxiadev.com" = {
# group = "nginx";
# email = "ataraxiadev@ataraxiadev.com";
# dnsProvider = "cloudflare";
# # credentialsFile = "${creds}";
# credentialsFile = config.secrets."cloudflare.env".decrypted;
# extraDomainNames = [ "*.ataraxiadev.com" ];
# };
# };
## DNS-over-TLS
services.stubby = {
enable = true;
@ -47,8 +66,11 @@
appendHttpConfig = "charset utf-8;";
virtualHosts = let
default = {
forceSSL = false;
forceSSL = true;
enableACME = false;
sslCertificate = config.secrets."ataraxiadev.com.pem".decrypted;
sslCertificateKey = config.secrets."ataraxiadev.com.key".decrypted;
sslTrustedCertificate = config.secrets."origin-pull-ca.pem".decrypted;
};
in {
"ataraxiadev.com" = {
@ -71,8 +93,4 @@
} // default;
};
};
# security.acme = {
# email = "ataraxiadev@ataraxiadev.com";
# acceptTerms = true;
# };
}