fixing acme

2022-12-20 13:57:38 -03:00 · 2022-12-20 13:57:38 -03:00 · c073ae375a
commit c073ae375a
parent e19f0c688e
5 changed files with 16 additions and 16 deletions
--- a/hosts/servers/alexandria/hosted-services.nix
+++ b/hosts/servers/alexandria/hosted-services.nix
@ -1,6 +1,8 @@
 { config, pkgs, libs, ... }:

 {
+  users.users.nginx.extraGroups = [ "acme" ];
+
  services = {
    nginx = {
      enable = true;
@ -9,17 +11,7 @@
      recommendedProxySettings = true;
      recommendedTlsSettings = true;
      virtualHosts = {
-        "baduhai.me" = { useACMEHoost = "baduhai.me"; forceSSL = true; kTLS = true; locations."/".proxyPass = "http://127.0.0.1:8000/"; };
-#         "detect.baduhai.me"     = { default = true; enableACME = true; addSSL = true; locations."/".proxyPass = "http://127.0.0.1:8001/"; };
-#         "cinny.baduhai.me"      = { default = true; enableACME = true; addSSL = true; locations."/".proxyPass = "http://127.0.0.1:8002/"; };
-#         "jellyfin.baduhai.me"   = { default = true; enableACME = true; addSSL = true; locations."/".proxyPass = "http://127.0.0.1:8003/"; };
-#         "librespeed.baduhai.me" = { default = true; enableACME = true; addSSL = true; locations."/".proxyPass = "http://127.0.0.1:8004/"; };
-#         "paperless.baduhai.me"  = { default = true; enableACME = true; addSSL = true; locations."/".proxyPass = "http://127.0.0.1:8005/"; };
-#         "pyload.baduhai.me"     = { default = true; enableACME = true; addSSL = true; locations."/".proxyPass = "http://127.0.0.1:8006/"; };
-#         "shiori.baduhai.me"     = { default = true; enableACME = true; addSSL = true; locations."/".proxyPass = "http://127.0.0.1:8007/"; };
-#         "sync.baduhai.me"       = { default = true; enableACME = true; addSSL = true; locations."/".proxyPass = "http://127.0.0.1:8008/"; };
-#         "whoogle.baduhai.me"    = { default = true; enableACME = true; addSSL = true; locations."/".proxyPass = "http://127.0.0.1:8009/"; };
-#         "adguard.baduhai.me"    = { default = true; enableACME = true; addSSL = true; locations."/".proxyPass = "http://100.77.225.37:3000/"; };
+        "baduhai.me" = { useACMEHost = "baduhai.me"; forceSSL = true; kTLS = true; locations."/".proxyPass = "http://127.0.0.1:8000/"; };
      };
    };
  };
--- a/hosts/servers/alexandria/security.nix
+++ b/hosts/servers/alexandria/security.nix
@ -1,18 +1,18 @@
 { config, pkgs, libs, ... }:

 {
-  age.secrets.cloudflare-dns-api-key.file = ../../../secrets/cloudflare-dns-api-key.age;
+  age.secrets.cloudflare-creds.file = ../../../secrets/cloudflare-creds.age;

  security.acme = {
    acceptTerms = true;
    defaults = {
      email = "baduhai@proton.me";
-      dnsResolver = "1.1.1.1:53";
+      dnsResolver = "100.100.100.100:53";
      dnsProvider = "cloudflare";
-      credentialsFile = config.age.secrets.cloudflare-dns-api-key.path;
+      credentialsFile = config.age.secrets.cloudflare-creds.path;
    };
    certs."baduhai.me" = {
-      extraDomainNames = "*.baduhai.me";
+      extraDomainNames = [ "*.baduhai.me" ];
    };
  };
 }