Merge pull request 'Certificate reliability enchansements'

Reviewed-on: https://git.selfprivacy.org/ilchub/selfprivacy-nixos-infect/pulls/3
2024-11-22 03:51:27 +00:00 · 2021-03-31 10:49:38 +03:00 · 2021-03-31 10:49:38 +03:00 · de1324a596
parent e94a10a4c1 cfdee451dd
commit de1324a596
1 changed files with 27 additions and 1 deletions
--- a/28
+++ b/28
@ -48,6 +48,7 @@ makeConf() {
    ./social/pleroma-module.nix
    ./social/pleroma.nix
    ./letsencrypt/acme.nix
+    ./letsencrypt/resolve.nix
    ./backup/restic.nix
    ./passmgr/bitwarden.nix
    ./webserver/nginx.nix
@ -127,7 +128,10 @@ EOF
 {
  imports = [ <nixpkgs/nixos/modules/profiles/qemu-guest.nix> ];
  boot.loader.grub.device = "$grubdev";
-  fileSystems."/" = { device = "$rootfsdev"; fsType = "ext4"; };
+  fileSystems = {
+    "/" = { device = "$rootfsdev"; fsType = "ext4"; };
+    "/var" = { device = "/dev/sdb"; fsType = "ext4" };
+  };
 }
 EOF

@ -251,6 +255,27 @@ EOF
    };
  };
 }
+EOF
+    cat > /etc/nixos/letsencrypt/resolve.nix << EOF
+{ pkgs, ... }:
+{
+  systemd = {
+    services = {
+      "acme-$DOMAIN" = {
+        serviceConfig = {
+          StartLimitBurst = 5;
+          StartLimitIntervalSec = 5;
+          Restart = "on-failure";
+        };
+      };
+      "nginx-config-reload" = {
+        serviceConfig = {
+          After = [ "acme-$DOMAIN.service" ];
+        };
+      };
+    };
+  };
+}
 EOF

    cat > /etc/nixos/backup/restic.nix << EOF
@ -308,6 +333,7 @@ EOF
 {
  services.nginx = {
    enable = true;
+    enableReload = true;
    recommendedGzipSettings = true;
    recommendedOptimisation = true;
    recommendedProxySettings = true;