Compare commits
1 commit
be67bc49bb
...
62a0ed4468
Author | SHA1 | Date | |
---|---|---|---|
Tristan Daniël Maat | 62a0ed4468 |
|
@ -138,6 +138,7 @@
|
||||||
recommendedGzipSettings = true;
|
recommendedGzipSettings = true;
|
||||||
recommendedProxySettings = true;
|
recommendedProxySettings = true;
|
||||||
clientMaxBodySize = "10G";
|
clientMaxBodySize = "10G";
|
||||||
|
domain = "tlater.net";
|
||||||
|
|
||||||
statusPage = true; # For metrics, should be accessible only from localhost
|
statusPage = true; # For metrics, should be accessible only from localhost
|
||||||
|
|
||||||
|
|
|
@ -4,14 +4,6 @@
|
||||||
./disko.nix
|
./disko.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
# Intel's special encrypted memory<->CPU feature. Hetzner's BIOS
|
|
||||||
# disables it by default.
|
|
||||||
#
|
|
||||||
# TODO(tlater): See if would be useful for anything?
|
|
||||||
boot.kernelParams = ["nosgx"];
|
|
||||||
|
|
||||||
services.nginx.domain = "116.202.158.55";
|
|
||||||
|
|
||||||
systemd.network.networks."eth0" = {
|
systemd.network.networks."eth0" = {
|
||||||
matchConfig.MACAddress = "90:1b:0e:c1:8c:62";
|
matchConfig.MACAddress = "90:1b:0e:c1:8c:62";
|
||||||
|
|
||||||
|
|
|
@ -6,8 +6,6 @@
|
||||||
# Required for the lish console
|
# Required for the lish console
|
||||||
boot.kernelParams = ["console=ttyS0,19200n8"];
|
boot.kernelParams = ["console=ttyS0,19200n8"];
|
||||||
|
|
||||||
services.nginx.domain = "tlater.net";
|
|
||||||
|
|
||||||
boot.loader = {
|
boot.loader = {
|
||||||
# Timeout to allow lish to connect
|
# Timeout to allow lish to connect
|
||||||
timeout = 10;
|
timeout = 10;
|
||||||
|
|
|
@ -6,7 +6,7 @@
|
||||||
|
|
||||||
# Sets the base domain for nginx to localhost so that we
|
# Sets the base domain for nginx to localhost so that we
|
||||||
# can easily test locally with the VM.
|
# can easily test locally with the VM.
|
||||||
services.nginx.domain = "localhost";
|
services.nginx.domain = lib.mkOverride 99 "localhost";
|
||||||
|
|
||||||
# Use the staging secrets
|
# Use the staging secrets
|
||||||
sops.defaultSopsFile = lib.mkOverride 99 ../../keys/staging.yaml;
|
sops.defaultSopsFile = lib.mkOverride 99 ../../keys/staging.yaml;
|
||||||
|
|
|
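Review bot: The priority `99` on the new `services.nginx.domain = lib.mkOverride 99 "localhost";` line is a bare magic number and deserves a short comment. This commit also sets `domain = "tlater.net";` at normal priority (100) in the shared nginx block, so a plain assignment here would conflict, and the override wins by only one step. I would add `# mkOverride 99: beats the normal-priority (100) value from the shared nginx config` above the line, or set the shared value with `lib.mkDefault` so this file can assign normally. The enclosing attribute set starts and ends outside the hunk.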
@ -1,23 +1,8 @@
|
||||||
{
|
{lib, ...}: let
|
||||||
pkgs,
|
inherit (lib) mkOption types;
|
||||||
config,
|
in {
|
||||||
lib,
|
|
||||||
...
|
|
||||||
}: {
|
|
||||||
options.services.nginx.domain = lib.mkOption {
|
options.services.nginx.domain = lib.mkOption {
|
||||||
type = lib.types.str;
|
type = lib.types.str;
|
||||||
description = "The base domain name to append to virtual domain names";
|
description = "The base domain name to append to virtual domain names";
|
||||||
};
|
};
|
||||||
|
|
||||||
config = {
|
|
||||||
# Don't attempt to run acme if the domain name is not tlater.net
|
|
||||||
systemd.services = let
|
|
||||||
confirm = ''[[ "tlater.net" = ${config.services.nginx.domain} ]]'';
|
|
||||||
in
|
|
||||||
lib.mapAttrs' (cert: _:
|
|
||||||
lib.nameValuePair "acme-${cert}" {
|
|
||||||
serviceConfig.ExecCondition = ''${pkgs.runtimeShell} -c '${confirm}' '';
|
|
||||||
})
|
|
||||||
config.security.acme.certs;
|
|
||||||
};
|
|
||||||
}
|
}
|
||||||
|
|
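Review bot: Dropping the `config` block removes the only guard visible in this diff that stopped the `acme-*` units from running when `services.nginx.domain` is not `tlater.net`. The VM configuration in this same commit still overrides the domain to `localhost` and uses the staging secrets. Unless ACME is disabled somewhere not shown here, test machines would presumably now attempt certificate issuance, which risks failed units and CA rate limiting. I would keep the `serviceConfig.ExecCondition` guard or disable the certificates explicitly in the VM config, and say which in the commit message. Separately, `inherit (lib) mkOption types;` is added but the body still writes `lib.mkOption` and `lib.types.str`, so either use the short names or drop the `let`.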