elrond fix acme cert stuff

This commit is contained in:
Adrian Gunnar Lauterer 2024-03-29 19:24:52 +01:00
parent 0c34bf52aa
commit a976c3a1e1
3 changed files with 18 additions and 10 deletions


@ -22,7 +22,6 @@
networking.useDHCP = false; networking.useDHCP = false;
networking.interfaces.ens3.useDHCP = true; # lmao interface is not constant. I really only want to use dhcp att all so could remove this in favor of the old way. networking.interfaces.ens3.useDHCP = true; # lmao interface is not constant. I really only want to use dhcp att all so could remove this in favor of the old way.
networking.hostName = "elrond"; # Define your hostname. networking.hostName = "elrond"; # Define your hostname.
networking.domain = "addictedmaker.eu"; # Define your domain.
boot.kernel.sysctl = { boot.kernel.sysctl = {
"net.ipv4.conf.all.forwarding" = true; "net.ipv4.conf.all.forwarding" = true;


@ -6,7 +6,7 @@ imports =
./sops.nix ./sops.nix
../services/nginx.nix ../services/nginx.nix
#../services/authelia.nix #../services/authelia.nix
../services/fail2ban.nix #../services/fail2ban.nix
]; ];
} }
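Review bot: Commenting out `../services/fail2ban.nix` turns off the brute-force protection for whatever this host exposes (nginx is still imported on the line above), and nothing in the commit explains why an ACME fix needs it disabled. If it was only switched off while debugging certificate issuance, say so next to the line, e.g. `#../services/fail2ban.nix # disabled while debugging ACME issuance; re-enable`, or leave it out of this commit. The `imports` list opens before this hunk.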


@ -6,26 +6,35 @@
restartUnits = [ "nginx.service" ]; restartUnits = [ "nginx.service" ];
owner = "nginx"; owner = "nginx";
}; };
networking.domain = "addictedmaker.eu";
networking.enableIPv6 = false; # lol for some reason acme works without ipv6
networking.domain = "lauterer.it";
#acme and certs helpful blog https://carjorvaz.com/posts/ #acme and certs helpful blog https://carjorvaz.com/posts/
security.acme = { security.acme = {
acceptTerms = true; acceptTerms = true;
defaults.email = "adrian+acme@lauterer.it"; defaults.email = "adrian+acme@lauterer.it";
certs."${config.networking.domain}" = { certs."${config.networking.domain}" = {
domain = "${config.networking.domain}"; domain = "*.${config.networking.domain}";
extraDomainNames = [ extraDomainNames = [
"*.${config.networking.domain}" "${config.networking.domain}"
#"${config.networking.domain}" #"${config.networking.domain}"
#"lauterer.it" #"lauterer.it"
"*.lauterer.it" #"*.lauterer.it"
"*.256.no" #"*.256.no"
]; ];
#server = "https://acme-staging-v02.api.letsencrypt.org/directory"; #for testing.
enableDebugLogs = true;
dnsResolver = "ns1.hyp.net:53";
dnsProvider = "domeneshop"; # from here according to provider https://go-acme.github.io/lego/dns/ dnsProvider = "domeneshop"; # from here according to provider https://go-acme.github.io/lego/dns/
dnsPropagationCheck = true; dnsPropagationCheck = true;
#need to manually create this file according to dnsprovider secrets, and format of key according to lego in privider and add to secrets.yaml #need to manually create this file according to dnsprovider secrets, and format of key according to lego in privider and add to secrets.yaml
#credentialsFile = config.sops.secrets."acme/certs".path; credentialsFile = config.sops.secrets."acme/certs".path;
credentialsFile = "/run/secrets/acme/certs";
}; };
}; };
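Review bot: `enableDebugLogs = true;` is left enabled in the `certs` entry even though the staging `server` line right above it is already commented out as test-only; lego's debug output for a DNS challenge is verbose and, as far as I can tell, goes straight to the journal, so once issuance works it should be switched off or parked the same way, `#enableDebugLogs = true; # for testing`. `networking.enableIPv6 = false;` disables IPv6 for the whole host to work around an ACME problem the comment does not identify; a note on which step failed (propagation check against `ns1.hyp.net`, reachability of the ACME or domeneshop API) plus a TODO would let the next person re-enable it instead of inheriting the workaround. The enclosing nginx module starts before this hunk.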