fix: Split wildcard and root domains for ACME (#98)

Reviewed-on: https://git.selfprivacy.org/SelfPrivacy/selfprivacy-nixos-config/pulls/98
Inex Code 2024-09-07 00:57:25 +03:00
parent 30e4f0a2cc
commit 46bb08581b
2 changed files with 6 additions and 2 deletions


@ -33,13 +33,17 @@ in
certs = {
"${cfg.domain}" = {
domain = "*.${cfg.domain}";
extraDomainNames = [ "${cfg.domain}" ];
group = "acmereceivers";
dnsProvider = lib.strings.toLower cfg.dns.provider;
credentialsFile = acme-env-filepath;
dnsPropagationCheck =
! (lib.elem cfg.dns.provider dnsPropagationCheckExceptions);
};
"root-${cfg.domain}" = {
domain = cfg.domain;
group = "acmereceivers";
webroot = "/var/lib/acme/acme-challenge";
};
};
};
systemd.services.acme-secrets = {
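Review bot: The certificate still named `"${cfg.domain}"` now appears to cover only `*.${cfg.domain}` (the title and the line counts suggest the `extraDomainNames` line is the one removed), so any consumer outside this diff that presents it for the bare domain would fail hostname verification. Only the nginx vhost is visibly switched to `root-${cfg.domain}`, so it is worth checking every other reference to the old certificate before merging. The new apex entry uses HTTP-01 with a hard-coded `webroot = "/var/lib/acme/acme-challenge"`, which works only while port 80 is reachable and the vhost serves challenges from that same directory. I would add a comment above it such as `# apex cert via HTTP-01; webroot must match the nginx vhost's acmeRoot`. The enclosing attribute set starts before the hunk.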


@ -21,7 +21,7 @@ in
'';
virtualHosts = {
"${domain}" = {
useACMEHost = domain;
useACMEHost = "root-${domain}";
forceSSL = true;
extraConfig = ''
add_header Strict-Transport-Security $hsts_header;
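Review bot: The certificate name `"root-${domain}"` is now spelled out independently here and in the ACME module, so a rename on one side would leave this vhost pointing at a certificate that is not declared. A short comment on the new line, e.g. `# apex-only cert (HTTP-01); name must match security.acme.certs."root-${cfg.domain}"`, would make the coupling visible. Because this vhost sets `forceSSL = true` and sends HSTS, a failed issuance or renewal of the apex certificate shows up as a hard TLS error with no fallback, so renewal failures for this certificate deserve monitoring. The `virtualHosts` block continues outside the hunk.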