cilly/flakes
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1

services/nginx: enable for dandelion

Browse source
This commit is contained in:
LavaDesu 2024-07-24 13:23:12 +10:00
parent ef9c4f3a08
commit d4b9c485b6
Signed by: cilly
GPG key ID: 6500251E087653C9
3 changed files with 9 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

1
hosts/dandelion/default.nix
View file

@ -14,6 +14,7 @@
security security
#wireguard #wireguard
modules.services.nginx
modules.services.postgres modules.services.postgres
./filesystem.nix ./filesystem.nix

6
modules/services/nginx.nix
View file

@ -1,4 +1,5 @@
{ config, inputs, ... }: { { config, inputs, ... }: {
networking.firewall.allowedTCPPorts = [ 80 443 ];
security.acme = { security.acme = {
acceptTerms = true; acceptTerms = true;
email = "me@lava.moe"; email = "me@lava.moe";
@ -27,6 +28,11 @@
forceSSL = true; forceSSL = true;
root = inputs.website.outPath; root = inputs.website.outPath;
}; };
"cdn.lava.moe" = {
useACMEHost = "lava.moe";
forceSSL = true;
root = "/persist/cdn";
};
"_" = { "_" = {
default = true; default = true;
addSSL = true; addSSL = true;

3
secrets.nix
View file

@ -3,13 +3,14 @@ let
blossom = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA5wfPCcpkNR3ubr7cBV0UwVCDo/sMmV0aI/JOJTIxQj"; blossom = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA5wfPCcpkNR3ubr7cBV0UwVCDo/sMmV0aI/JOJTIxQj";
caramel = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIPFJT1XYyjDZFHYT/8RdxAReKkeU8QfpLrmMjEeW/80"; caramel = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIPFJT1XYyjDZFHYT/8RdxAReKkeU8QfpLrmMjEeW/80";
sugarcane = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIImymDDLSOdLcsox8wxS9Z84fsbsz6Mi58OU0od2p/ZQ"; sugarcane = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIImymDDLSOdLcsox8wxS9Z84fsbsz6Mi58OU0od2p/ZQ";
dandelion = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFUk99ku7+eiIO7Q9sIPlPx3GiUljLv7W404W/zwrtzI";
rin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPru5eTBvHJ4ZmrrzPRHCGM09wQP/ZHSaKYalDuBVO15"; rin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPru5eTBvHJ4ZmrrzPRHCGM09wQP/ZHSaKYalDuBVO15";
in { in {
"secrets/passwd.age".publicKeys = [ anemone blossom caramel sugarcane rin ]; "secrets/passwd.age".publicKeys = [ anemone blossom caramel sugarcane rin ];
"secrets/wpa_conf.age".publicKeys = [ blossom caramel rin ]; "secrets/wpa_conf.age".publicKeys = [ blossom caramel rin ];
"secrets/acme_dns.age".publicKeys = [ caramel rin ]; "secrets/acme_dns.age".publicKeys = [ dandelion rin ];
"secrets/warden_admin.age".publicKeys = [ caramel rin ]; "secrets/warden_admin.age".publicKeys = [ caramel rin ];
"secrets/wg_blossom.age".publicKeys = [ blossom rin ]; "secrets/wg_blossom.age".publicKeys = [ blossom rin ];
"secrets/wg_caramel.age".publicKeys = [ caramel rin ]; "secrets/wg_caramel.age".publicKeys = [ caramel rin ];