emelie/nix-deploy
1
0
Fork 0
Code Issues 1 Pull requests 1 Projects Releases Wiki Activity

Remove wildcard cert

Browse source
This commit is contained in:
Emelie Graven 2022-04-12 17:36:08 +02:00
parent 2fc3df27a4
commit 27530f0de0
Signed by: emelie
GPG key ID: C11123726DBB55A1
9 changed files with 10 additions and 27 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

BIN
config/hosts/grondahl/data/secrets/acme_anarkafem_dev
View file

Binary file not shown.

BIN
config/hosts/grondahl/data/secrets/secrets.nix
View file

Binary file not shown.

5
config/hosts/grondahl/services/acme.nix
View file

@ -4,11 +4,6 @@
security.acme = {
acceptTerms = true;
email = "admin+certs@anarkafem.dev";
certs."anarkafem.dev" = {
extraDomainNames = [ "*.anarkafem.dev" ];
dnsProvider = "hurricane";
credentialsFile = config.secrets.files.acme_anarkafem_dev.file;
};
};
}

6
config/hosts/grondahl/services/nginx.nix
View file

@ -2,7 +2,7 @@
imports = [ ../../../common/services/nginx.nix ];
services.nginx.virtualHosts = {
"anarkafem.dev" = {
useACMEHost = "anarkafem.dev";
enableACME = true;
forceSSL = true;
locations."/".root = "/var/www/anarkafem.dev/public";
locations."/_matrix/".proxyPass = "http://127.0.0.1:8008";
@ -21,12 +21,12 @@
};
};
"cal.anarkafem.dev" = {
useACMEHost = "anarkafem.dev";
enableACME = true;
forceSSL = true;
locations."/".proxyPass = "http://127.0.0.1:4000";
};
"auth.anarkafem.dev" = {
useACMEHost = "anarkafem.dev";
enableACME = true;
forceSSL = true;
locations."/".proxyPass = "http://127.0.0.1:9000";
};

BIN
config/hosts/wind/data/secrets/acme_graven_dev.env
View file

Binary file not shown.

BIN
config/hosts/wind/data/secrets/acme_graven_se.env
View file

Binary file not shown.

BIN
config/hosts/wind/data/secrets/secrets.nix
View file

Binary file not shown.

12
config/hosts/wind/services/acme.nix
View file

@ -4,18 +4,6 @@
security.acme = {
acceptTerms = true;
email = "admin+certs@graven.dev";
certs = {
"graven.dev" = {
extraDomainNames = [ "*.graven.dev" ];
dnsProvider = "hurricane";
credentialsFile = config.secrets.files.acme_graven_dev.file;
};
"graven.se" = {
extraDomainNames = [ "*.graven.se" ];
dnsProvider = "hurricane";
credentialsFile = config.secrets.files.acme_graven_se.file;
};
};
};
}

14
config/hosts/wind/services/nginx.nix
View file

@ -2,7 +2,7 @@
imports = [ ../../../common/services/nginx.nix ];
services.nginx.virtualHosts = {
"graven.dev" = {
useACMEHost = "graven.dev";
enableACME = true;
forceSSL = true;
locations."/".root = "/var/www/graven.dev/public";
locations."/_matrix".proxyPass = "http://127.0.0.1:8008";
@ -21,17 +21,17 @@
};
};
"rss.graven.dev" = {
useACMEHost = "graven.dev";
enableACME = true;
forceSSL = true;
};
"git.graven.dev" = {
useACMEHost = "graven.dev";
enableACME = true;
forceSSL = true;
locations."/".proxyPass = "http://unix:/run/gitea/gitea.sock:";
};
"vault.graven.dev" = {
forceSSL = true;
useACMEHost = "graven.dev";
enableACME = true;
locations."/" = {
proxyPass = "http://localhost:8812";
proxyWebsockets = true;
@ -47,7 +47,7 @@
};
"openpgpkey.graven.dev" = {
forceSSL = true;
useACMEHost = "graven.dev";
enableACME = true;
locations."/" = {
root = "/var/www/openpgpkey";
extraConfig = ''
@ -63,7 +63,7 @@
};
"openpgpkey.graven.se" = {
forceSSL = true;
useACMEHost = "graven.se";
enableACME = true;
locations."/" = {
root = "/var/www/openpgpkey";
extraConfig = ''
@ -79,7 +79,7 @@
};
"tor.graven.dev" = {
forceSSL = true;
useACMEHost = "graven.dev";
enableACME = true;
locations."/" = {
root = "/var/www/tor";
extraConfig = ''