Added certificate resolution redundancy. Implemented nginx config reload on resolve success

2024-11-22 03:51:27 +00:00 · 2021-03-31 10:47:21 +03:00 · 2021-03-31 10:47:21 +03:00 · cfdee451dd
parent 9d6c8cc638
commit cfdee451dd
1 changed files with 23 additions and 0 deletions
--- a/23
+++ b/23
@ -48,6 +48,7 @@ makeConf() {
    ./social/pleroma-module.nix
    ./social/pleroma.nix
    ./letsencrypt/acme.nix
+    ./letsencrypt/resolve.nix
    ./backup/restic.nix
    ./passmgr/bitwarden.nix
    ./webserver/nginx.nix
@ -254,6 +255,27 @@ EOF
    };
  };
 }
+EOF
+    cat > /etc/nixos/letsencrypt/resolve.nix << EOF
+{ pkgs, ... }:
+{
+  systemd = {
+    services = {
+      "acme-$DOMAIN" = {
+        serviceConfig = {
+          StartLimitBurst = 5;
+          StartLimitIntervalSec = 5;
+          Restart = "on-failure";
+        };
+      };
+      "nginx-config-reload" = {
+        serviceConfig = {
+          After = [ "acme-$DOMAIN.service" ];
+        };
+      };
+    };
+  };
+}
 EOF

    cat > /etc/nixos/backup/restic.nix << EOF
@ -311,6 +333,7 @@ EOF
 {
  services.nginx = {
    enable = true;
+    enableReload = true;
    recommendedGzipSettings = true;
    recommendedOptimisation = true;
    recommendedProxySettings = true;