enable acme http challenge

XenGi 2025-12-04 15:14:37 +01:00
parent 0c71452bb8
commit ea94303f03
Signed by: xengi
SSH key fingerprint: SHA256:jxWM2RTHvxxcncXycwwWkP7HCWb4VREN05UGJTbIPZg
2 changed files with 7 additions and 2 deletions


@ -146,7 +146,7 @@
renewInterval = "daily"; renewInterval = "daily";
email = "acme@xengi.de"; email = "acme@xengi.de";
group = "nginx"; group = "nginx";
webroot = "/var/lib/acme/acme-challenge"; webroot = "/var/lib/acme/acme-challenges";
}; };
}; };
}; };


@ -4,6 +4,8 @@ let
fqdn = "matrix.berlin.ccc.de"; fqdn = "matrix.berlin.ccc.de";
in in
{ {
users.users.nginx.extraGroups = [ "acme" ];
services.nginx = { services.nginx = {
enable = true; enable = true;
resolver.addresses = [ resolver.addresses = [
@ -46,6 +48,7 @@ in
} }
]; ];
locations = { locations = {
"/.well-known/acme-challenge".root = config.security.acme.defaults.webroot;
"/".return = "418 \"I'm a Teapot!\""; "/".return = "418 \"I'm a Teapot!\"";
"= /.well-known/matrix/client" = { "= /.well-known/matrix/client" = {
return = "200 '{\"m.homeserver\": {\"base_url\": \"https://matrix.berlin.ccc.de\"}}'"; return = "200 '{\"m.homeserver\": {\"base_url\": \"https://matrix.berlin.ccc.de\"}}'";
@ -67,5 +70,7 @@ in
}; };
}; };
security.acme.certs."${fqdn}".reloadServices = [ "nginx" ]; security.acme.certs."${fqdn}" = {
reloadServices = [ "nginx" ];
};
} }
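Review bot: The added `users.users.nginx.extraGroups = [ "acme" ];` in the first hunk of this file gives the nginx user everything the acme group can access, which is more than serving the challenge directory requires, and the line has no comment explaining why it is needed. The other file in this commit already has `group = "nginx"` in the ACME settings, so certificate access is presumably covered and the membership exists only so nginx can read the webroot; the ownership and mode of that directory are not visible here. I would add a comment above the line, for example `# nginx must be able to read the ACME webroot (owned by acme); certs are already group nginx`, and confirm that nothing else group-readable by acme under /var/lib/acme (account data, for instance) becomes readable by the web server.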