WIP: acme: Switch to a wildcard certificate
This commit is contained in:
parent
8f178f776e
commit
45d2502125
|
@ -49,6 +49,12 @@
|
|||
security.acme = {
|
||||
defaults.email = "tm@tlater.net";
|
||||
acceptTerms = true;
|
||||
|
||||
certs."tlater.net" = {
|
||||
extraDomainNames = ["*.tlater.net"];
|
||||
dnsProvider = "hetzner";
|
||||
group = "nginx";
|
||||
};
|
||||
};
|
||||
|
||||
services.backups.acme = {
|
||||
|
|
|
@ -44,7 +44,7 @@
|
|||
|
||||
services.nginx.virtualHosts."afvalcalendar.${config.services.nginx.domain}" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
useACMEHost = "tlater.net";
|
||||
enableHSTS = true;
|
||||
|
||||
root = "/srv/afvalcalendar";
|
||||
|
|
|
@ -178,7 +178,7 @@ in {
|
|||
};
|
||||
|
||||
services.nginx.virtualHosts."${domain}" = {
|
||||
enableACME = true;
|
||||
useACMEHost = "tlater.net";
|
||||
|
||||
listen = [
|
||||
{
|
||||
|
|
|
@ -24,7 +24,7 @@ in {
|
|||
inherit (config.services.foundryvtt) port;
|
||||
in {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
useACMEHost = "tlater.net";
|
||||
enableHSTS = true;
|
||||
|
||||
locations."/" = {
|
||||
|
|
|
@ -41,7 +41,7 @@ in {
|
|||
httpPort = config.services.forgejo.settings.server.HTTP_PORT;
|
||||
in {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
useACMEHost = "tlater.net";
|
||||
enableHSTS = true;
|
||||
|
||||
locations."/".proxyPass = "http://${httpAddress}:${toString httpPort}";
|
||||
|
|
|
@ -38,7 +38,7 @@ in {
|
|||
|
||||
services.nginx.virtualHosts."${domain}" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
useACMEHost = "tlater.net";
|
||||
enableHSTS = true;
|
||||
locations."/".proxyPass = "http://localhost:${toString config.services.grafana.settings.server.http_port}";
|
||||
};
|
||||
|
|
|
@ -45,7 +45,7 @@ in {
|
|||
# Set up SSL
|
||||
services.nginx.virtualHosts."${hostName}" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
useACMEHost = "tlater.net";
|
||||
# The upstream module already adds HSTS
|
||||
};
|
||||
|
||||
|
|
|
@ -16,7 +16,7 @@ in {
|
|||
serverAliases = ["www.${domain}"];
|
||||
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
useACMEHost = "tlater.net";
|
||||
enableHSTS = true;
|
||||
|
||||
locations."/".proxyPass = "http://${addr}:${toString port}";
|
||||
|
|
Loading…
Reference in a new issue