added cloudflare certs, cleaned up redundant files
parent
3b1f6ca960
commit
55cabfa8a8
5 changed files with 8 additions and 70 deletions
|
@ -47,7 +47,7 @@
|
|||
config = {
|
||||
overwriteProtocol = "https";
|
||||
extraTrustedDomains = [
|
||||
"10.0.0.184"
|
||||
"10.0.0.183"
|
||||
"files.nickiel.net"
|
||||
];
|
||||
|
||||
|
@ -96,7 +96,7 @@
|
|||
};
|
||||
# Manually configure nameserver. Using resolved inside the container seems to fail
|
||||
# currently
|
||||
environment.etc."resolv.conf".text = "nameserver 8.8.8.8";
|
||||
environment.etc."resolv.conf".text = "nameserver 1.1.1.1";
|
||||
};
|
||||
};
|
||||
}
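Review bot: The bare LAN address kept in `extraTrustedDomains` (first hunk) is no longer backed by anything visible in this commit, because the static `10.0.0.184` / `10.0.0.183` assignments on `enp2s0` appear to be dropped in another file of the same change. `extraTrustedDomains` is the list of Host values Nextcloud will answer to, so it is best limited to names that are actually served; if the instance is only reached through the `files.nickiel.net` proxy the IP entry can probably go, and otherwise a short comment saying how the host obtains that address would keep the entry from going stale. In the second hunk the container's `resolv.conf` still names a single resolver, so `"nameserver 1.1.1.1\nnameserver 1.0.0.1"` would give it a fallback. The existing comment there could also say what fails with resolved, so the workaround can be removed later.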
|
||||
|
|
|
@ -11,20 +11,9 @@
|
|||
|
||||
environment.systemPackages = [
|
||||
pkgs.mdadm
|
||||
pkgs.cloudflared
|
||||
];
|
||||
|
||||
networking = {
|
||||
interfaces."enp2s0".ipv4.addresses = [
|
||||
{
|
||||
address = "10.0.0.184";
|
||||
prefixLength = 24;
|
||||
}
|
||||
{
|
||||
address = "10.0.0.183";
|
||||
prefixLength = 24;
|
||||
}
|
||||
];
|
||||
nat = {
|
||||
enable = true;
|
||||
internalInterfaces = ["ve-+"];
|
||||
|
|
|
@ -1,22 +0,0 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
{
|
||||
|
||||
security.acme.acceptTerms = true;
|
||||
security.acme.defaults.email = "nicholasyoungsumner@gmail.com";
|
||||
|
||||
# Use one configuration to to make the cert for all the sub domains
|
||||
security.acme.certs."acmechallenge.nickiel.net" = {
|
||||
webroot = "/var/lib/acme/.challenges";
|
||||
email = "nicholasyoungsumner@gmail.com";
|
||||
# Ensure that the web server you use can read the generated certs
|
||||
# Take a look at the group option for the web server you choose.
|
||||
group = "nginx";
|
||||
# Since we have a wildcard vhost to handle port 80,
|
||||
# we can generate certs for anything!
|
||||
# Just make sure your DNS resolves them.
|
||||
extraDomainNames = [ "files.nickiel.net" ];
|
||||
};
|
||||
|
||||
users.users.nginx.extraGroups = [ "acme" ];
|
||||
}
|
|
@ -1,15 +0,0 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
{
|
||||
services.dnsmasq = {
|
||||
enable = true;
|
||||
servers = [
|
||||
"1.1.1.1"
|
||||
"1.0.0.1"
|
||||
"8.8.8.8"
|
||||
];
|
||||
};
|
||||
networking.extraHosts = ''
|
||||
10.0.0.114 NicksDesktop
|
||||
'';
|
||||
}
|
|
@ -1,10 +1,6 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
{
|
||||
imports = [
|
||||
(import ./acme.nix)
|
||||
];
|
||||
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
recommendedGzipSettings = true;
|
||||
|
@ -14,33 +10,23 @@
|
|||
|
||||
virtualHosts = {
|
||||
"nickiel.net" = {
|
||||
forceSSL = true;
|
||||
sslCertificate = "/Aurora/nickiel.net.pem";
|
||||
sslCertificateKey = "/Aurora/nickiel.net.key";
|
||||
locations."/" = {
|
||||
root = "/var/lib/acme/nickiel.net";
|
||||
};
|
||||
};
|
||||
|
||||
"files.nickiel.net" = {
|
||||
#forceSSL = true;
|
||||
#enableACME = true;
|
||||
locations."/.well-known/acme-challenge" = {
|
||||
root = "/var/lib/acme/.challenges";
|
||||
};
|
||||
forceSSL = true;
|
||||
sslCertificate = "/Aurora/nickiel.net.pem";
|
||||
sslCertificateKey = "/Aurora/nickiel.net.key";
|
||||
locations."/" = {
|
||||
proxyPass = "http://192.168.100.11:80";
|
||||
proxyWebsockets = true;
|
||||
};
|
||||
};
|
||||
|
||||
"acmechallenge.nickiel.net" = {
|
||||
# Catchall vhost, will redirect users to HTTPS for all vhosts
|
||||
serverAliases = [ "*.nickiel.net" ];
|
||||
locations."/.well-known/acme-challenge" = {
|
||||
root = "/var/lib/acme/.challenges";
|
||||
};
|
||||
locations."/" = {
|
||||
return = "301 https://$host$request_uri";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
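Review bot: The TLS private key is referenced by the literal path `/Aurora/nickiel.net.key` in both the `"nickiel.net"` and `"files.nickiel.net"` vhosts, and nothing in this configuration sets its ownership or mode. Because the value is a string rather than a Nix path it is presumably not copied into the world-readable store, but the file still has to be readable only by root and the nginx group; a comment above `sslCertificateKey` such as `# key lives outside the Nix store; keep it root:nginx, mode 0640` would make that requirement visible. If `/Aurora` is a separately mounted volume (not visible here), nginx will fail to start until it is mounted, so an ordering dependency on that mount may be needed. The unchanged `root = "/var/lib/acme/nickiel.net";` still serves the site from under the ACME state directory although this commit drops the ACME module, so the web root is worth moving to a directory of its own.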
|
||||
|
|