Fix baka shark

Felix Albrigtsen 2023-09-17 03:28:31 +02:00
parent 84d1eb69fd
commit 1321910c5f
3 changed files with 34 additions and 6 deletions


@ -6,6 +6,7 @@
../../base.nix ../../base.nix
../../misc/metrics-exporters.nix ../../misc/metrics-exporters.nix
./services/nginx.nix
./services/kanidm.nix ./services/kanidm.nix
]; ];


@ -1,7 +1,7 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
let let
cfg = config.services.kanidm; cfg = config.services.kanidm;
domain = "auth.pvv.ntnu.no"; domain = "idmtest.pvv.ntnu.no";
bindaddr_web = "127.0.0.1:8300"; # bindaddr_web = "127.0.0.1:8300"; #
bindaddr_ldaps = "0.0.0.0:636"; bindaddr_ldaps = "0.0.0.0:636";
in { in {
@ -22,12 +22,10 @@ in {
}; };
}; };
systemd.services.kanidm = let systemd.services.kanidm = {
certName = config.services.nginx.virtualHosts.${cfg.serverSettings.domain}.useACMEHost; requires = [ "acme-finished-${domain}.target" ];
in {
requires = [ "acme-finished-${certName}.target" ];
serviceConfig.LoadCredential = let serviceConfig.LoadCredential = let
certDir = config.security.acme.certs.${certName}.directory; certDir = config.security.acme.certs.${domain}.directory;
in [ in [
"fullchain.pem:${certDir}/fullchain.pem" "fullchain.pem:${certDir}/fullchain.pem"
"key.pem:${certDir}/key.pem" "key.pem:${certDir}/key.pem"
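Review bot: The unit now takes both the `acme-finished-${domain}.target` dependency and the `config.security.acme.certs.${domain}.directory` lookup from the `domain` let-binding, so it only works while an ACME certificate is issued under exactly that name; the removed `certName` lookup followed the nginx vhost's `useACMEHost` instead. The certificate and vhost definitions are not in the visible hunks, so confirm one exists for `idmtest.pvv.ntnu.no`, and record the coupling next to the binding, e.g. `# must match the security.acme.certs entry kanidm loads its TLS key from`. If `domain` also feeds `serverSettings.domain` (not shown here), Kanidm ties registered credentials such as WebAuthn to that value, so changing it on an instance that already has accounts needs the domain-rename step. The `systemd.services.kanidm` block continues past the end of the hunk.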


@ -0,0 +1,29 @@
{ config, values, ... }:
{
security.acme = {
acceptTerms = true;
defaults.email = "drift@pvv.ntnu.no";
};
services.nginx = {
enable = true;
enableReload = true;
defaultListenAddresses = [
values.hosts.shark.ipv4
"[${values.hosts.shark.ipv6}]"
"127.0.0.1"
"127.0.0.2"
"[::1]"
];
recommendedProxySettings = true;
recommendedTlsSettings = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
};
networking.firewall.allowedTCPPorts = [ 80 443 ];
}
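Review bot: The `defaultListenAddresses` list carries `"127.0.0.2"` next to the host's public addresses and the usual loopbacks, with no comment saying which consumer needs it, so a later reader cannot tell whether it is safe to drop; a one-line comment such as `# 127.0.0.2: needed by SERVICE (fill in)` would settle that. Every vhost on this host inherits the list, so each one is served on the public IPv4 and IPv6 addresses unless it overrides `listenAddresses`, and ports 80 and 443 are opened in the firewall in the same file; anything meant to stay internal therefore needs an explicit loopback-only listen. No virtual hosts are defined in this file, so which names actually end up exposed cannot be judged from this section.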