diff options
Diffstat (limited to 'modules')
-rw-r--r-- | modules/server/ftp/default.nix | 4 | ||||
-rw-r--r-- | modules/server/irc/znc/default.nix | 4 | ||||
-rw-r--r-- | modules/server/spectrum/acme/default.nix | 7 | ||||
-rw-r--r-- | modules/server/spectrum/default.nix | 2 | ||||
-rw-r--r-- | modules/server/spectrum/nginx/default.nix | 4 | ||||
-rw-r--r-- | modules/server/xmpp/default.nix | 2 |
6 files changed, 18 insertions, 5 deletions
diff --git a/modules/server/ftp/default.nix b/modules/server/ftp/default.nix index 78f7c794ce1f..a0e32294aeb7 100644 --- a/modules/server/ftp/default.nix +++ b/modules/server/ftp/default.nix @@ -29,7 +29,7 @@ in config = { services.nginx.virtualHosts."ftp.qyliss.net" = { forceSSL = true; - enableACME = true; + useACMEHost = "qyliss.net"; root = pkgs.runCommandNoCC "ftp.qyliss.net" {} '' mkdir $out @@ -43,5 +43,7 @@ in autoindex on; ''; }; + + security.acme.certs."qyliss.net".extraDomainNames = [ "ftp.qyliss.net" ]; }; } diff --git a/modules/server/irc/znc/default.nix b/modules/server/irc/znc/default.nix index 056419ae492b..559b59e657c2 100644 --- a/modules/server/irc/znc/default.nix +++ b/modules/server/irc/znc/default.nix @@ -7,7 +7,7 @@ services.nginx.virtualHosts."znc.${config.networking.domain}" = { forceSSL = true; - enableACME = true; + useACMEHost = "qyliss.net"; locations = { "/" = { @@ -27,5 +27,7 @@ } ''; + security.acme.certs."qyliss.net".extraDomainNames = [ "znc.qyliss.net" ]; + networking.firewall.allowedTCPPorts = [ 6697 ]; } diff --git a/modules/server/spectrum/acme/default.nix b/modules/server/spectrum/acme/default.nix new file mode 100644 index 000000000000..6a60f52d2456 --- /dev/null +++ b/modules/server/spectrum/acme/default.nix @@ -0,0 +1,7 @@ +{ ... }: + +{ + security.acme.certs."spectrum-os.org" = { + webroot = "/var/lib/acme/acme-challenge"; + }; +} diff --git a/modules/server/spectrum/default.nix b/modules/server/spectrum/default.nix index d8f096c2d820..c18355a4946a 100644 --- a/modules/server/spectrum/default.nix +++ b/modules/server/spectrum/default.nix @@ -1,5 +1,5 @@ { ... }: { - imports = [ ./cgit ./git-http-backend ./nginx ./public-inbox ]; + imports = [ ./acme ./cgit ./git-http-backend ./nginx ./public-inbox ]; } diff --git a/modules/server/spectrum/nginx/default.nix b/modules/server/spectrum/nginx/default.nix index f4fca7ca1676..5067595698c5 100644 --- a/modules/server/spectrum/nginx/default.nix +++ b/modules/server/spectrum/nginx/default.nix @@ -17,7 +17,7 @@ in serverName = head redirectDomains; serverAliases = tail redirectDomains; addSSL = true; - enableACME = true; + useACMEHost = "spectrum-os.org"; globalRedirect = "spectrum-os.org"; }; @@ -26,6 +26,8 @@ in alias = ./robots.txt; }; + security.acme.certs."spectrum-os.org".extraDomainNames = redirectDomains; + # The Spectrum website lives in /home/spectrum/www systemd.services.nginx.serviceConfig.ProtectHome = false; } diff --git a/modules/server/xmpp/default.nix b/modules/server/xmpp/default.nix index f1540e0c569f..3771872741aa 100644 --- a/modules/server/xmpp/default.nix +++ b/modules/server/xmpp/default.nix @@ -23,5 +23,5 @@ ssl.cert = "/var/lib/acme/qyliss.net/fullchain.pem"; }; - users.users.prosody.extraGroups = [ "tls" ]; + users.users.prosody.extraGroups = [ "acme" ]; } |