51 lines
1.2 KiB
Nix
51 lines
1.2 KiB
Nix
{ config, lib, pkgs, ... }:
|
|
|
|
let
|
|
secrets = import <secrets>;
|
|
yoricc = import ../packages/yori-cc.nix;
|
|
acmeWebRoot = "/etc/sslcerts/acmeroot";
|
|
acmeKeyDir = "${config.security.acme.directory}/yori.cc";
|
|
in
|
|
{
|
|
imports = [
|
|
../modules/nginx.nix
|
|
];
|
|
# website + lets encrypt challenge hosting
|
|
nginxssl = {
|
|
enable = true;
|
|
challenges."${config.networking.hostName}" = acmeWebRoot;
|
|
servers."yori.cc" = {
|
|
key_root = acmeKeyDir;
|
|
key_webroot = acmeWebRoot;
|
|
contents = ''
|
|
location / {
|
|
rewrite ^(.*) https://yorickvanpelt.nl$1 permanent;
|
|
}
|
|
'';
|
|
};
|
|
servers."yorickvanpelt.nl" = {
|
|
key_root = acmeKeyDir;
|
|
key_webroot = acmeWebRoot;
|
|
contents = ''
|
|
location / {
|
|
root ${yoricc}/web;
|
|
}
|
|
'';
|
|
};
|
|
};
|
|
|
|
|
|
# Let's Encrypt configuration.
|
|
security.acme.certs."yori.cc" =
|
|
{ email = secrets.email;
|
|
extraDomains = {
|
|
"${config.networking.hostName}" = null;
|
|
"yorickvanpelt.nl" = null;
|
|
};
|
|
webroot = acmeWebRoot;
|
|
postRun = ''systemctl reload nginx.service dovecot2.service postfix.service
|
|
systemctl restart prosody.service
|
|
'';
|
|
};
|
|
}
|