summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGregor Kleen <gkleen@yggdrasil.li>2016-01-24 11:38:32 +0100
committerGregor Kleen <gkleen@yggdrasil.li>2016-01-24 11:38:32 +0100
commit0a49126bc3e2a2b2ef45f192a5a46c58ff1f01f2 (patch)
treed08aed158e84facb4ecce71500c1d1ffca9cb4f2
parent7689ce8c7890eda81cae0a2aa2660c6c54c6ae96 (diff)
downloadnixos-0a49126bc3e2a2b2ef45f192a5a46c58ff1f01f2.tar
nixos-0a49126bc3e2a2b2ef45f192a5a46c58ff1f01f2.tar.gz
nixos-0a49126bc3e2a2b2ef45f192a5a46c58ff1f01f2.tar.bz2
nixos-0a49126bc3e2a2b2ef45f192a5a46c58ff1f01f2.tar.xz
nixos-0a49126bc3e2a2b2ef45f192a5a46c58ff1f01f2.zip
acme-challenge
-rw-r--r--custom/ymir-nginx.nix12
1 files changed, 11 insertions, 1 deletions
diff --git a/custom/ymir-nginx.nix b/custom/ymir-nginx.nix
index 4e13e019..8750ac9f 100644
--- a/custom/ymir-nginx.nix
+++ b/custom/ymir-nginx.nix
@@ -18,10 +18,16 @@ let
18 ''; 18 '';
19 19
20 favicon = builtins.toFile "favicon" '' 20 favicon = builtins.toFile "favicon" ''
21 location /favicon.ico { 21 location = /favicon.ico {
22 root /srv/www/praseodym.org; 22 root /srv/www/praseodym.org;
23 } 23 }
24 ''; 24 '';
25
26 acme = builtins.toFile "acme" ''
27 location /.well-known/acme-challenge {
28 root /srv/www/acme/$hostname/.well-known/acme-challenge;
29 }
30 '';
25in { 31in {
26 services.nginx = { 32 services.nginx = {
27 enable = true; 33 enable = true;
@@ -76,6 +82,7 @@ in {
76 server_name dirty-haskell.org www.dirty-haskell.org; 82 server_name dirty-haskell.org www.dirty-haskell.org;
77 83
78 include ${favicon}; 84 include ${favicon};
85 include ${acme};
79 86
80 root /srv/www/dirty-haskell.org; 87 root /srv/www/dirty-haskell.org;
81 } 88 }
@@ -86,6 +93,7 @@ in {
86 server_name dirty-haskell.org; 93 server_name dirty-haskell.org;
87 94
88 include ${favicon}; 95 include ${favicon};
96 include ${acme};
89 97
90 ssl_certificate /etc/nginx/ssl/dirty-haskell.org/fullchain.pem; 98 ssl_certificate /etc/nginx/ssl/dirty-haskell.org/fullchain.pem;
91 ssl_certificate_key /etc/nginx/ssl/dirty-haskell.org/privkey.pem; 99 ssl_certificate_key /etc/nginx/ssl/dirty-haskell.org/privkey.pem;
@@ -99,6 +107,7 @@ in {
99 server_name www.dirty-haskell.org; 107 server_name www.dirty-haskell.org;
100 108
101 include ${favicon}; 109 include ${favicon};
110 include ${acme};
102 111
103 ssl_certificate /etc/nginx/ssl/www.dirty-haskell.org/fullchain.pem; 112 ssl_certificate /etc/nginx/ssl/www.dirty-haskell.org/fullchain.pem;
104 ssl_certificate_key /etc/nginx/ssl/www.dirty-haskell.org/privkey.pem; 113 ssl_certificate_key /etc/nginx/ssl/www.dirty-haskell.org/privkey.pem;
@@ -116,6 +125,7 @@ in {
116 try_files $uri @cgit; 125 try_files $uri @cgit;
117 126
118 include ${favicon}; 127 include ${favicon};
128 include ${acme};
119 129
120 location @cgit { 130 location @cgit {
121 include ${uwsgi_params}; 131 include ${uwsgi_params};