about summary refs log tree commit diff
path: root/modules
diff options
context:
space:
mode:
Diffstat (limited to 'modules')
-rw-r--r--modules/server/ftp/default.nix4
-rw-r--r--modules/server/irc/znc/default.nix4
-rw-r--r--modules/server/spectrum/acme/default.nix7
-rw-r--r--modules/server/spectrum/default.nix2
-rw-r--r--modules/server/spectrum/nginx/default.nix4
-rw-r--r--modules/server/xmpp/default.nix2
6 files changed, 18 insertions, 5 deletions
diff --git a/modules/server/ftp/default.nix b/modules/server/ftp/default.nix
index 78f7c794ce1f..a0e32294aeb7 100644
--- a/modules/server/ftp/default.nix
+++ b/modules/server/ftp/default.nix
@@ -29,7 +29,7 @@ in
   config = {
     services.nginx.virtualHosts."ftp.qyliss.net" = {
       forceSSL = true;
-      enableACME = true;
+      useACMEHost = "qyliss.net";
 
       root = pkgs.runCommandNoCC "ftp.qyliss.net" {} ''
         mkdir $out
@@ -43,5 +43,7 @@ in
         autoindex on;
       '';
     };
+
+    security.acme.certs."qyliss.net".extraDomainNames = [ "ftp.qyliss.net" ];
   };
 }
diff --git a/modules/server/irc/znc/default.nix b/modules/server/irc/znc/default.nix
index 056419ae492b..559b59e657c2 100644
--- a/modules/server/irc/znc/default.nix
+++ b/modules/server/irc/znc/default.nix
@@ -7,7 +7,7 @@
 
   services.nginx.virtualHosts."znc.${config.networking.domain}" = {
     forceSSL = true;
-    enableACME = true;
+    useACMEHost = "qyliss.net";
 
     locations = {
       "/" = {
@@ -27,5 +27,7 @@
     }
   '';
 
+  security.acme.certs."qyliss.net".extraDomainNames = [ "znc.qyliss.net" ];
+
   networking.firewall.allowedTCPPorts = [ 6697 ];
 }
diff --git a/modules/server/spectrum/acme/default.nix b/modules/server/spectrum/acme/default.nix
new file mode 100644
index 000000000000..6a60f52d2456
--- /dev/null
+++ b/modules/server/spectrum/acme/default.nix
@@ -0,0 +1,7 @@
+{ ... }:
+
+{
+  security.acme.certs."spectrum-os.org" = {
+    webroot = "/var/lib/acme/acme-challenge";
+  };
+}
diff --git a/modules/server/spectrum/default.nix b/modules/server/spectrum/default.nix
index d8f096c2d820..c18355a4946a 100644
--- a/modules/server/spectrum/default.nix
+++ b/modules/server/spectrum/default.nix
@@ -1,5 +1,5 @@
 { ... }:
 
 {
-  imports = [ ./cgit ./git-http-backend ./nginx ./public-inbox ];
+  imports = [ ./acme ./cgit ./git-http-backend ./nginx ./public-inbox ];
 }
diff --git a/modules/server/spectrum/nginx/default.nix b/modules/server/spectrum/nginx/default.nix
index f4fca7ca1676..5067595698c5 100644
--- a/modules/server/spectrum/nginx/default.nix
+++ b/modules/server/spectrum/nginx/default.nix
@@ -17,7 +17,7 @@ in
     serverName = head redirectDomains;
     serverAliases = tail redirectDomains;
     addSSL = true;
-    enableACME = true;
+    useACMEHost = "spectrum-os.org";
     globalRedirect = "spectrum-os.org";
   };
 
@@ -26,6 +26,8 @@ in
     alias = ./robots.txt;
   };
 
+  security.acme.certs."spectrum-os.org".extraDomainNames = redirectDomains;
+
   # The Spectrum website lives in /home/spectrum/www
   systemd.services.nginx.serviceConfig.ProtectHome = false;
 }
diff --git a/modules/server/xmpp/default.nix b/modules/server/xmpp/default.nix
index f1540e0c569f..3771872741aa 100644
--- a/modules/server/xmpp/default.nix
+++ b/modules/server/xmpp/default.nix
@@ -23,5 +23,5 @@
     ssl.cert = "/var/lib/acme/qyliss.net/fullchain.pem";
   };
 
-  users.users.prosody.extraGroups = [ "tls" ];
+  users.users.prosody.extraGroups = [ "acme" ];
 }
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-06-29 05:39:51 +0000