forked from Drift/pvv-nixos-config
Fix baka shark
This commit is contained in:
parent
84d1eb69fd
commit
1321910c5f
@ -6,6 +6,7 @@
|
||||
../../base.nix
|
||||
../../misc/metrics-exporters.nix
|
||||
|
||||
./services/nginx.nix
|
||||
./services/kanidm.nix
|
||||
];
|
||||
|
||||
|
@ -1,7 +1,7 @@
|
||||
{ config, pkgs, lib, ... }:
|
||||
let
|
||||
cfg = config.services.kanidm;
|
||||
domain = "auth.pvv.ntnu.no";
|
||||
domain = "idmtest.pvv.ntnu.no";
|
||||
bindaddr_web = "127.0.0.1:8300"; #
|
||||
bindaddr_ldaps = "0.0.0.0:636";
|
||||
in {
|
||||
@ -22,12 +22,10 @@ in {
|
||||
};
|
||||
};
|
||||
|
||||
systemd.services.kanidm = let
|
||||
certName = config.services.nginx.virtualHosts.${cfg.serverSettings.domain}.useACMEHost;
|
||||
in {
|
||||
requires = [ "acme-finished-${certName}.target" ];
|
||||
systemd.services.kanidm = {
|
||||
requires = [ "acme-finished-${domain}.target" ];
|
||||
serviceConfig.LoadCredential = let
|
||||
certDir = config.security.acme.certs.${certName}.directory;
|
||||
certDir = config.security.acme.certs.${domain}.directory;
|
||||
in [
|
||||
"fullchain.pem:${certDir}/fullchain.pem"
|
||||
"key.pem:${certDir}/key.pem"
|
||||
|
29
hosts/shark/services/nginx.nix
Normal file
29
hosts/shark/services/nginx.nix
Normal file
@ -0,0 +1,29 @@
|
||||
{ config, values, ... }:
|
||||
{
|
||||
security.acme = {
|
||||
acceptTerms = true;
|
||||
defaults.email = "drift@pvv.ntnu.no";
|
||||
};
|
||||
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
|
||||
enableReload = true;
|
||||
|
||||
defaultListenAddresses = [
|
||||
values.hosts.shark.ipv4
|
||||
"[${values.hosts.shark.ipv6}]"
|
||||
|
||||
"127.0.0.1"
|
||||
"127.0.0.2"
|
||||
"[::1]"
|
||||
];
|
||||
|
||||
recommendedProxySettings = true;
|
||||
recommendedTlsSettings = true;
|
||||
recommendedGzipSettings = true;
|
||||
recommendedOptimisation = true;
|
||||
};
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||
}
|
Loading…
Reference in New Issue
Block a user