added cloudflare certs, cleaned up redundant files

2024-11-22 20:59:32 -08:00 · 2023-04-08 10:48:21 -07:00 · 2023-04-08 10:48:21 -07:00 · 55cabfa8a8
commit 55cabfa8a8
parent 3b1f6ca960
5 changed files with 8 additions and 70 deletions
--- a/hosts/Alaska/containers/nextcloud.nix
+++ b/hosts/Alaska/containers/nextcloud.nix
@ -47,7 +47,7 @@
        config = {
          overwriteProtocol = "https";
          extraTrustedDomains = [
-            "10.0.0.184"
+            "10.0.0.183"
            "files.nickiel.net"
          ];

@ -96,7 +96,7 @@
      };
      # Manually configure nameserver. Using resolved inside the container seems to fail
      # currently
-      environment.etc."resolv.conf".text = "nameserver 8.8.8.8";
+      environment.etc."resolv.conf".text = "nameserver 1.1.1.1";
    };
  };
 }
--- a/hosts/Alaska/default.nix
+++ b/hosts/Alaska/default.nix
@ -11,20 +11,9 @@

  environment.systemPackages = [
    pkgs.mdadm
-    pkgs.cloudflared
  ];

  networking = {
-    interfaces."enp2s0".ipv4.addresses = [
-      {
-        address = "10.0.0.184";
-        prefixLength = 24;
-      }
-      {
-        address = "10.0.0.183";
-        prefixLength = 24;
-      }
-    ];
    nat = {
      enable = true;
      internalInterfaces = ["ve-+"];
--- a/hosts/Alaska/modules/acme.nix
+++ b/hosts/Alaska/modules/acme.nix
@ -1,22 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-{
-
-    security.acme.acceptTerms = true;
-    security.acme.defaults.email = "nicholasyoungsumner@gmail.com";
-
-    # Use one configuration to to make the cert for all the sub domains
-    security.acme.certs."acmechallenge.nickiel.net" = {
-      webroot = "/var/lib/acme/.challenges";
-      email = "nicholasyoungsumner@gmail.com";
-        # Ensure that the web server you use can read the generated certs
-        # Take a look at the group option for the web server you choose.
-      group = "nginx";
-        # Since we have a wildcard vhost to handle port 80,
-        # we can generate certs for anything!
-        # Just make sure your DNS resolves them.
-      extraDomainNames = [ "files.nickiel.net" ];
-    };
-
-  users.users.nginx.extraGroups = [ "acme" ];
-}
--- a/hosts/Alaska/modules/dnsmasq.nix
+++ b/hosts/Alaska/modules/dnsmasq.nix
@ -1,15 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-{
-  services.dnsmasq = {
-    enable = true;
-    servers = [
-      "1.1.1.1"
-      "1.0.0.1"
-      "8.8.8.8"
-    ];
-  };
-  networking.extraHosts = ''
-    10.0.0.114 NicksDesktop
-  '';
-}
--- a/hosts/Alaska/modules/nginx.nix
+++ b/hosts/Alaska/modules/nginx.nix
@ -1,10 +1,6 @@
 { config, lib, pkgs, ... }:

 {
-  imports = [
-    (import ./acme.nix)
-  ];
-
  services.nginx = {
    enable = true;
    recommendedGzipSettings = true;
@ -14,33 +10,23 @@

    virtualHosts = {
      "nickiel.net" = {
+        forceSSL = true;
+        sslCertificate = "/Aurora/nickiel.net.pem";
+        sslCertificateKey = "/Aurora/nickiel.net.key";
        locations."/" = {
          root = "/var/lib/acme/nickiel.net";
        };
      };

      "files.nickiel.net" = {
-            #forceSSL = true;
-            #enableACME = true;
-            locations."/.well-known/acme-challenge" = {
-              root = "/var/lib/acme/.challenges";
-            };
+            forceSSL = true;
+            sslCertificate = "/Aurora/nickiel.net.pem";
+            sslCertificateKey = "/Aurora/nickiel.net.key";
            locations."/" = {
              proxyPass = "http://192.168.100.11:80";
              proxyWebsockets = true;
            };
          };
-
-      "acmechallenge.nickiel.net" = {
-        # Catchall vhost, will redirect users to HTTPS for all vhosts
-        serverAliases = [ "*.nickiel.net" ];
-        locations."/.well-known/acme-challenge" = {
-          root = "/var/lib/acme/.challenges";
-        };
-        locations."/" = {
-          return = "301 https://$host$request_uri";
-        };
-      };
    };
  };
 }