WIP: acme: Switch to a wildcard certificate

Tristan Daniël Maat 2024-04-16 01:08:13 +02:00
parent 8f178f776e
commit 45d2502125
Signed by: tlater
GPG key ID: 49670FD774E43268
8 changed files with 13 additions and 7 deletions


@ -49,6 +49,12 @@
security.acme = {
defaults.email = "tm@tlater.net";
acceptTerms = true;
certs."tlater.net" = {
extraDomainNames = ["*.tlater.net"];
dnsProvider = "hetzner";
group = "nginx";
};
};
services.backups.acme = {
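Review bot: The new `certs."tlater.net"` block sets `dnsProvider = "hetzner"`, but nothing visible in this hunk tells the ACME client where to find the provider's API token. A wildcard name can only be validated through the DNS-01 challenge, so issuance would fail unless the credential is configured elsewhere. If it is not, add something like `environmentFile = "<path to a root-only secret file>";` (`credentialsFile` on older NixOS releases), and make sure the path points at a runtime secret rather than a file copied into the world-readable Nix store. Since one private key now serves every virtual host and `group = "nginx"` makes it readable to that group, a comment such as `# wildcard key shared by all vhosts; keep nginx group membership minimal` would record the trade-off.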


@ -44,7 +44,7 @@
services.nginx.virtualHosts."afvalcalendar.${config.services.nginx.domain}" = {
forceSSL = true;
enableACME = true;
useACMEHost = "tlater.net";
enableHSTS = true;
root = "/srv/afvalcalendar";
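Review bot: The literal `"tlater.net"` in `useACMEHost` is a maintainability concern, because the `virtualHosts` attribute name in this same hunk already derives the host from `config.services.nginx.domain`. The same literal is repeated in the six other virtual-host hunks of this commit. Assuming that option holds the apex name the certificate is issued for, `useACMEHost = config.services.nginx.domain;` would keep the vhosts and the `security.acme.certs` key from drifting apart if the domain ever changes.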


@ -178,7 +178,7 @@ in {
};
services.nginx.virtualHosts."${domain}" = {
enableACME = true;
useACMEHost = "tlater.net";
listen = [
{


@ -24,7 +24,7 @@ in {
inherit (config.services.foundryvtt) port;
in {
forceSSL = true;
enableACME = true;
useACMEHost = "tlater.net";
enableHSTS = true;
locations."/" = {


@ -41,7 +41,7 @@ in {
httpPort = config.services.forgejo.settings.server.HTTP_PORT;
in {
forceSSL = true;
enableACME = true;
useACMEHost = "tlater.net";
enableHSTS = true;
locations."/".proxyPass = "http://${httpAddress}:${toString httpPort}";


@ -38,7 +38,7 @@ in {
services.nginx.virtualHosts."${domain}" = {
forceSSL = true;
enableACME = true;
useACMEHost = "tlater.net";
enableHSTS = true;
locations."/".proxyPass = "http://localhost:${toString config.services.grafana.settings.server.http_port}";
};


@ -45,7 +45,7 @@ in {
# Set up SSL
services.nginx.virtualHosts."${hostName}" = {
forceSSL = true;
enableACME = true;
useACMEHost = "tlater.net";
# The upstream module already adds HSTS
};


@ -16,7 +16,7 @@ in {
serverAliases = ["www.${domain}"];
forceSSL = true;
enableACME = true;
useACMEHost = "tlater.net";
enableHSTS = true;
locations."/".proxyPass = "http://${addr}:${toString port}";
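Review bot: `serverAliases = ["www.${domain}"]` should be checked against the new certificate, because `*.tlater.net` matches exactly one label and so covers the alias only if `domain` is the apex `tlater.net`. `domain` is defined outside this hunk, so this cannot be confirmed from here. If it is a subdomain, the alias needs its own entry in `extraDomainNames`, otherwise clients will see a name-mismatch error on the `www` host. A short comment next to `serverAliases`, e.g. `# covered by *.tlater.net`, would record the assumption.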