
1 commit

Author SHA1 Message Date
Tristan Daniël Maat 051d7dce95
WIP: authelia: Add SSO 2024-04-15 03:24:18 +02:00
9 changed files with 7 additions and 18 deletions


@ -49,13 +49,6 @@
security.acme = { security.acme = {
defaults.email = "tm@tlater.net"; defaults.email = "tm@tlater.net";
acceptTerms = true; acceptTerms = true;
certs."tlater.net" = {
extraDomainNames = ["*.tlater.net"];
dnsProvider = "hetzner";
group = "nginx";
credentialFiles."HETZNER_API_KEY_FILE" = config.sops.secrets."hetzner-api".path;
};
}; };
services.backups.acme = { services.backups.acme = {


@ -44,7 +44,7 @@
services.nginx.virtualHosts."afvalcalendar.${config.services.nginx.domain}" = { services.nginx.virtualHosts."afvalcalendar.${config.services.nginx.domain}" = {
forceSSL = true; forceSSL = true;
useACMEHost = "tlater.net"; enableACME = true;
enableHSTS = true; enableHSTS = true;
root = "/srv/afvalcalendar"; root = "/srv/afvalcalendar";
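Review bot: `enableACME = true` on this vhost replaces the shared wildcard certificate with a per-host one, and the same substitution is made in the six other vhost sections on this page. With the DNS-validated `certs."tlater.net"` block removed, issuance presumably falls back to the HTTP-01 webroot challenge, so every hostname must resolve publicly and be reachable on port 80, and each name will be listed individually in Certificate Transparency logs instead of being covered by `*.tlater.net`. If that trade-off is intended, a comment at the first occurrence such as `# per-host cert via HTTP-01: needs port 80 reachable, hostname is published in CT logs` would record it.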


@ -178,7 +178,7 @@ in {
}; };
services.nginx.virtualHosts."${domain}" = { services.nginx.virtualHosts."${domain}" = {
useACMEHost = "tlater.net"; enableACME = true;
listen = [ listen = [
{ {
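Review bot: This vhost overrides `listen`, and the list's entries continue outside the hunk, so it is not visible whether port 80 is still served here. `enableACME = true` depends on the challenge being answered under `/.well-known/acme-challenge/` over plain HTTP for `${domain}`, which `useACMEHost` never needed. If the custom `listen` entries only cover TLS ports, issuance and renewal for this host would likely fail. Confirm that a port-80 listener is among the entries, or keep this host on a DNS-validated certificate.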


@ -24,7 +24,7 @@ in {
inherit (config.services.foundryvtt) port; inherit (config.services.foundryvtt) port;
in { in {
forceSSL = true; forceSSL = true;
useACMEHost = "tlater.net"; enableACME = true;
enableHSTS = true; enableHSTS = true;
locations."/" = { locations."/" = {


@ -41,7 +41,7 @@ in {
httpPort = config.services.forgejo.settings.server.HTTP_PORT; httpPort = config.services.forgejo.settings.server.HTTP_PORT;
in { in {
forceSSL = true; forceSSL = true;
useACMEHost = "tlater.net"; enableACME = true;
enableHSTS = true; enableHSTS = true;
locations."/".proxyPass = "http://${httpAddress}:${toString httpPort}"; locations."/".proxyPass = "http://${httpAddress}:${toString httpPort}";


@ -38,7 +38,7 @@ in {
services.nginx.virtualHosts."${domain}" = { services.nginx.virtualHosts."${domain}" = {
forceSSL = true; forceSSL = true;
useACMEHost = "tlater.net"; enableACME = true;
enableHSTS = true; enableHSTS = true;
enableAuthorization = true; enableAuthorization = true;
locations."/".proxyPass = "http://localhost:${toString config.services.grafana.settings.server.http_port}"; locations."/".proxyPass = "http://localhost:${toString config.services.grafana.settings.server.http_port}";
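Review bot: `enableAuthorization = true` sits on the same vhost that now serves its own ACME challenge, and the option's implementation is not visible in this section. If it attaches the auth check at server level, confirm that `/.well-known/acme-challenge/` is exempt, so the CA's unauthenticated validation request is not sent to the login flow. Also confirm that the exemption covers only that path and nothing else on this host becomes reachable without authorization. A short comment next to `enableACME = true`, for example `# ACME challenge path bypasses authorization; everything else stays protected`, would make the intent explicit.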


@ -45,7 +45,7 @@ in {
# Set up SSL # Set up SSL
services.nginx.virtualHosts."${hostName}" = { services.nginx.virtualHosts."${hostName}" = {
forceSSL = true; forceSSL = true;
useACMEHost = "tlater.net"; enableACME = true;
# The upstream module already adds HSTS # The upstream module already adds HSTS
}; };


@ -16,7 +16,7 @@ in {
serverAliases = ["www.${domain}"]; serverAliases = ["www.${domain}"];
forceSSL = true; forceSSL = true;
useACMEHost = "tlater.net"; enableACME = true;
enableHSTS = true; enableHSTS = true;
locations."/".proxyPass = "http://${addr}:${toString port}"; locations."/".proxyPass = "http://${addr}:${toString port}";


@ -34,10 +34,6 @@
"heisenbridge/as-token" = {}; "heisenbridge/as-token" = {};
"heisenbridge/hs-token" = {}; "heisenbridge/hs-token" = {};
"hetzner-api" = {
owner = "acme";
};
# Nextcloud # Nextcloud
"nextcloud/tlater" = { "nextcloud/tlater" = {
owner = "nextcloud"; owner = "nextcloud";