From 55cabfa8a87478674ecce78ba8af8cf8c3746c80 Mon Sep 17 00:00:00 2001 From: Nickiel12 Date: Sat, 8 Apr 2023 10:48:21 -0700 Subject: [PATCH] added cloudflare certs, cleaned up redundant files --- hosts/Alaska/containers/nextcloud.nix | 4 ++-- hosts/Alaska/default.nix | 11 ----------- hosts/Alaska/modules/acme.nix | 22 ---------------------- hosts/Alaska/modules/dnsmasq.nix | 15 --------------- hosts/Alaska/modules/nginx.nix | 26 ++++++-------------------- 5 files changed, 8 insertions(+), 70 deletions(-) delete mode 100644 hosts/Alaska/modules/acme.nix delete mode 100644 hosts/Alaska/modules/dnsmasq.nix diff --git a/hosts/Alaska/containers/nextcloud.nix b/hosts/Alaska/containers/nextcloud.nix index dcd432b..3c9fea4 100644 --- a/hosts/Alaska/containers/nextcloud.nix +++ b/hosts/Alaska/containers/nextcloud.nix @@ -47,7 +47,7 @@ config = { overwriteProtocol = "https"; extraTrustedDomains = [ - "10.0.0.184" + "10.0.0.183" "files.nickiel.net" ]; @@ -96,7 +96,7 @@ }; # Manually configure nameserver. Using resolved inside the container seems to fail # currently - environment.etc."resolv.conf".text = "nameserver 8.8.8.8"; + environment.etc."resolv.conf".text = "nameserver 1.1.1.1"; }; }; } diff --git a/hosts/Alaska/default.nix b/hosts/Alaska/default.nix index 064cecc..c34ba52 100644 --- a/hosts/Alaska/default.nix +++ b/hosts/Alaska/default.nix @@ -11,20 +11,9 @@ environment.systemPackages = [ pkgs.mdadm - pkgs.cloudflared ]; networking = { - interfaces."enp2s0".ipv4.addresses = [ - { - address = "10.0.0.184"; - prefixLength = 24; - } - { - address = "10.0.0.183"; - prefixLength = 24; - } - ]; nat = { enable = true; internalInterfaces = ["ve-+"]; diff --git a/hosts/Alaska/modules/acme.nix b/hosts/Alaska/modules/acme.nix deleted file mode 100644 index d7d41ea..0000000 --- a/hosts/Alaska/modules/acme.nix +++ /dev/null 
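Review bot: `extraTrustedDomains` in nextcloud.nix now lists `10.0.0.183`, but the default.nix hunk in this same commit removes the static `enp2s0` address block that assigned both .183 and .184, so nothing visible in the configuration pins the host to that address any more. If the address now comes from DHCP, a lease change will silently break access by IP, so it would help to record the source next to the entry, e.g. `# LAN address of Alaska, reserved on the router`. Since `overwriteProtocol` is `https` and the public name is `files.nickiel.net`, consider whether the raw IP needs to stay in this Host-header allow-list at all. The `config` attribute set continues outside the hunk.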
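Review bot: The container's `resolv.conf` in the second nextcloud.nix hunk still has a single upstream resolver and no trailing newline, so one unreachable address stops all name resolution inside the container. The host-side dnsmasq module, which listed three upstreams, is deleted in this same commit, so there does not appear to be a local fallback. A second entry costs nothing: `environment.etc."resolv.conf".text = "nameserver 1.1.1.1\nnameserver 1.0.0.1\n";`.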
@@ -1,22 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - - security.acme.acceptTerms = true; - security.acme.defaults.email = "nicholasyoungsumner@gmail.com"; - - # Use one configuration to to make the cert for all the sub domains - security.acme.certs."acmechallenge.nickiel.net" = { - webroot = "/var/lib/acme/.challenges"; - email = "nicholasyoungsumner@gmail.com"; - # Ensure that the web server you use can read the generated certs - # Take a look at the group option for the web server you choose. - group = "nginx"; - # Since we have a wildcard vhost to handle port 80, - # we can generate certs for anything! - # Just make sure your DNS resolves them. - extraDomainNames = [ "files.nickiel.net" ]; - }; - - users.users.nginx.extraGroups = [ "acme" ]; -} diff --git a/hosts/Alaska/modules/dnsmasq.nix b/hosts/Alaska/modules/dnsmasq.nix deleted file mode 100644 index e7b68de..0000000 --- a/hosts/Alaska/modules/dnsmasq.nix +++ /dev/null @@ -1,15 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - services.dnsmasq = { - enable = true; - servers = [ - "1.1.1.1" - "1.0.0.1" - "8.8.8.8" - ]; - }; - networking.extraHosts = '' - 10.0.0.114 NicksDesktop - ''; -} diff --git a/hosts/Alaska/modules/nginx.nix b/hosts/Alaska/modules/nginx.nix index 6aa0052..0477424 100644 --- a/hosts/Alaska/modules/nginx.nix +++ b/hosts/Alaska/modules/nginx.nix @@ -1,10 +1,6 @@ { config, lib, pkgs, ... }: { - imports = [ - (import ./acme.nix) - ]; - services.nginx = { enable = true; recommendedGzipSettings = true; 
@@ -14,33 +10,23 @@ virtualHosts = { "nickiel.net" = { + forceSSL = true; + sslCertificate = "/Aurora/nickiel.net.pem"; + sslCertificateKey = "/Aurora/nickiel.net.key"; locations."/" = { root = "/var/lib/acme/nickiel.net"; }; }; "files.nickiel.net" = { - #forceSSL = true; - #enableACME = true; - locations."/.well-known/acme-challenge" = { - root = "/var/lib/acme/.challenges"; - }; + forceSSL = true; + sslCertificate = "/Aurora/nickiel.net.pem"; + sslCertificateKey = "/Aurora/nickiel.net.key"; locations."/" = { proxyPass = "http://192.168.100.11:80"; proxyWebsockets = true; }; }; - - "acmechallenge.nickiel.net" = { - # Catchall vhost, will redirect users to HTTPS for all vhosts - serverAliases = [ "*.nickiel.net" ]; - locations."/.well-known/acme-challenge" = { - root = "/var/lib/acme/.challenges"; - }; - locations."/" = { - return = "301 https://$host$request_uri"; - }; - }; }; }; }
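Review bot: Both vhosts now point `sslCertificateKey` at `/Aurora/nickiel.net.key`, a file managed outside this configuration, and nothing in the change records who may read it, whereas the deleted acme.nix at least pinned `group = "nginx"` on its certificates. Keeping the path a quoted string, as here, keeps the key out of the world-readable Nix store; a comment above the first use would preserve that intent, for example `# key lives outside the store; keep it root:nginx 0640, renewed by hand`. If these are Cloudflare origin certificates, as the subject line suggests, only Cloudflare's edge trusts them, so it is worth confirming that port 443 is either not reachable directly or requires client-certificate verification (authenticated origin pulls). With the `*.nickiel.net` catch-all vhost removed, requests for any other hostname fall through to nginx's default server, which may end up being the Nextcloud proxy. Setting `default = true;` on the intended vhost would make that choice explicit.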