fix: Split wildcard and root domains for ACME (#98)

Reviewed-on: https://git.selfprivacy.org/SelfPrivacy/selfprivacy-nixos-config/pulls/98
Inex Code 2024-09-07 00:57:25 +03:00
parent 30e4f0a2cc
commit 46bb08581b
2 changed files with 6 additions and 2 deletions


@ -33,13 +33,17 @@ in
certs = { certs = {
"${cfg.domain}" = { "${cfg.domain}" = {
domain = "*.${cfg.domain}"; domain = "*.${cfg.domain}";
extraDomainNames = [ "${cfg.domain}" ];
group = "acmereceivers"; group = "acmereceivers";
dnsProvider = lib.strings.toLower cfg.dns.provider; dnsProvider = lib.strings.toLower cfg.dns.provider;
credentialsFile = acme-env-filepath; credentialsFile = acme-env-filepath;
dnsPropagationCheck = dnsPropagationCheck =
! (lib.elem cfg.dns.provider dnsPropagationCheckExceptions); ! (lib.elem cfg.dns.provider dnsPropagationCheckExceptions);
}; };
"root-${cfg.domain}" = {
domain = cfg.domain;
group = "acmereceivers";
webroot = "/var/lib/acme/acme-challenge";
};
}; };
}; };
systemd.services.acme-secrets = { systemd.services.acme-secrets = {
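Review bot: The new `"root-${cfg.domain}"` entry validates the apex over HTTP-01 (`webroot`), while the wildcard entry above it uses the DNS provider, and nothing in the hunk records why or what the new path depends on. Issuance and renewal for the apex now require that the CA can reach port 80 on the bare domain and that the web server serves challenges from this same directory. The hard-coded `/var/lib/acme/acme-challenge` appears to match the NixOS nginx default for `acmeRoot`, but it would diverge without warning if that option is ever overridden on the vhost. I would add a comment above the entry, for example `# Apex cert uses HTTP-01: port 80 must be reachable and webroot must equal the vhost's acmeRoot`. The enclosing attribute set starts and ends outside the hunk.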


@ -21,7 +21,7 @@ in
''; '';
virtualHosts = { virtualHosts = {
"${domain}" = { "${domain}" = {
useACMEHost = domain; useACMEHost = "root-${domain}";
forceSSL = true; forceSSL = true;
extraConfig = '' extraConfig = ''
add_header Strict-Transport-Security $hsts_header; add_header Strict-Transport-Security $hsts_header;
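Review bot: The certificate name `"root-${domain}"` is now written out here and again as the `certs` key in the ACME module, so the two files are coupled only by a repeated string literal. Binding it once and referencing it from both places, or at least adding a comment such as `# must match the security.acme.certs key for the apex`, would make that coupling visible. Because the wildcard certificate no longer lists the apex in `extraDomainNames`, any other vhost or service that still uses `useACMEHost = domain` and answers on the bare domain would present a certificate that does not cover that name. No such consumer is visible in this hunk, so it is worth checking the rest of the configuration. The `virtualHosts` set continues outside the hunk.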