Remove wildcard cert

2022-04-12 17:36:08 +02:00 · 2022-04-12 17:36:08 +02:00 · 27530f0de0
parent 2fc3df27a4
commit 27530f0de0
9 changed files with 10 additions and 27 deletions
--- a/config/hosts/grondahl/data/secrets/acme_anarkafem_dev
+++ b/config/hosts/grondahl/data/secrets/acme_anarkafem_dev
--- a/config/hosts/grondahl/data/secrets/secrets.nix
+++ b/config/hosts/grondahl/data/secrets/secrets.nix
--- a/config/hosts/grondahl/services/acme.nix
+++ b/config/hosts/grondahl/services/acme.nix
@ -4,11 +4,6 @@
  security.acme = {
    acceptTerms = true;
    email = "admin+certs@anarkafem.dev";
    certs."anarkafem.dev" = {
      extraDomainNames = [ "*.anarkafem.dev" ];
      dnsProvider = "hurricane";
      credentialsFile = config.secrets.files.acme_anarkafem_dev.file;
    };
  };
 }
--- a/config/hosts/grondahl/services/nginx.nix
+++ b/config/hosts/grondahl/services/nginx.nix
@ -2,7 +2,7 @@
  imports = [ ../../../common/services/nginx.nix ];
  services.nginx.virtualHosts = {
    "anarkafem.dev" = {
-      useACMEHost = "anarkafem.dev";
+      enableACME = true;
      forceSSL = true;
      locations."/".root = "/var/www/anarkafem.dev/public";
      locations."/_matrix/".proxyPass = "http://127.0.0.1:8008";
@ -21,12 +21,12 @@
      };
    };
 		"cal.anarkafem.dev" = {
-			useACMEHost = "anarkafem.dev";
+			enableACME = true;
 			forceSSL = true;
 			locations."/".proxyPass = "http://127.0.0.1:4000";
 		};
 		"auth.anarkafem.dev" = {
-			useACMEHost = "anarkafem.dev";
+			enableACME = true;
 			forceSSL = true;
 			locations."/".proxyPass = "http://127.0.0.1:9000";
 		};
--- a/config/hosts/wind/data/secrets/acme_graven_dev.env
+++ b/config/hosts/wind/data/secrets/acme_graven_dev.env
--- a/config/hosts/wind/data/secrets/acme_graven_se.env
+++ b/config/hosts/wind/data/secrets/acme_graven_se.env
--- a/config/hosts/wind/data/secrets/secrets.nix
+++ b/config/hosts/wind/data/secrets/secrets.nix
--- a/config/hosts/wind/services/acme.nix
+++ b/config/hosts/wind/services/acme.nix
@ -4,18 +4,6 @@
  security.acme = {
    acceptTerms = true;
    email = "admin+certs@graven.dev";
 		certs = {
 			"graven.dev" = {
 				extraDomainNames = [ "*.graven.dev" ];
 				dnsProvider = "hurricane";
 				credentialsFile = config.secrets.files.acme_graven_dev.file;
 			};
 			"graven.se" = {
 				extraDomainNames = [ "*.graven.se" ];
 				dnsProvider = "hurricane";
 				credentialsFile = config.secrets.files.acme_graven_se.file;
 			};
 		};
  };
 }
--- a/config/hosts/wind/services/nginx.nix
+++ b/config/hosts/wind/services/nginx.nix
@ -2,7 +2,7 @@
 	imports = [ ../../../common/services/nginx.nix ];
 	services.nginx.virtualHosts = {
 		"graven.dev" = {
-			useACMEHost = "graven.dev";
+			enableACME = true;
 			forceSSL = true;
 			locations."/".root = "/var/www/graven.dev/public";
 			locations."/_matrix".proxyPass = "http://127.0.0.1:8008";
@ -21,17 +21,17 @@
 			};
 		};
 		"rss.graven.dev" = {
-			useACMEHost = "graven.dev";
+			enableACME = true;
 			forceSSL = true;
 		};
 		"git.graven.dev" = {
-			useACMEHost = "graven.dev";
+			enableACME = true;
 			forceSSL = true;
 			locations."/".proxyPass = "http://unix:/run/gitea/gitea.sock:";
 		};
 		"vault.graven.dev" = {
 			forceSSL = true;
-			useACMEHost = "graven.dev";
+			enableACME = true;
 			locations."/" = {
 				proxyPass = "http://localhost:8812";
 				proxyWebsockets = true;
@ -47,7 +47,7 @@
 		};
 		"openpgpkey.graven.dev" = {
 			forceSSL = true;
-			useACMEHost = "graven.dev";
+			enableACME = true;
 			locations."/" = {
 				root = "/var/www/openpgpkey";
 				extraConfig = ''
@ -63,7 +63,7 @@
 		};
 		"openpgpkey.graven.se" = {
 			forceSSL = true;
-			useACMEHost = "graven.se";
+			enableACME = true;
 			locations."/" = {
 				root = "/var/www/openpgpkey";
 				extraConfig = ''
@ -79,7 +79,7 @@
 		};
 		"tor.graven.dev" = {
 			forceSSL = true;
-			useACMEHost = "graven.dev";
+			enableACME = true;
 			locations."/" = {
 				root = "/var/www/tor";
 				extraConfig = ''