simp_le test

author: Gregor Kleen <gkleen@yggdrasil.li> 2016-01-24 12:10:16 +0100
committer: Gregor Kleen <gkleen@yggdrasil.li> 2016-01-24 12:10:16 +0100
commit: 0fb62fe4d86f3e140bd989d3a3aca2d76c395549 (patch)
tree: 339f9af244b7ff5fb0ce0e315b4945833593f9b2
parent: 7b1c4e0c395f358cb9d4b6850af01cdd3e2a3a80 (diff)
download: nixos-0fb62fe4d86f3e140bd989d3a3aca2d76c395549.tar
nixos-0fb62fe4d86f3e140bd989d3a3aca2d76c395549.tar.gz
nixos-0fb62fe4d86f3e140bd989d3a3aca2d76c395549.tar.bz2
nixos-0fb62fe4d86f3e140bd989d3a3aca2d76c395549.tar.xz
nixos-0fb62fe4d86f3e140bd989d3a3aca2d76c395549.zip
3 files changed, 26 insertions, 1 deletions
diff --git a/custom/simp_le.nix b/custom/simp_le.nix
new file mode 100644
index 00000000..ed85fc51
--- /dev/null
+++ b/custom/simp_le.nix
@@ -0,0 +1,18 @@
+{ stdenv, simp_le
+, util-linux
+}:
+dir:
+domain:
+let
+  script = bulitins.toFile "cert.sh" ''
+    cd $dir
+    ${simp_le}/bin/simp_le -d ${domain}:/srv/www/acme/${domain}/ \
+      --email "phikeebaogobaegh@141.li" \
+      -f account_key.json \
+      -f cert.pem \
+      -f fullchain.pem \
+      -f key.pem
+  '';
+in
+  "${stdenv}/bin/bash ${script} ${dir} ${domain} > ${util-linux}/bin/logger -p auth.info"
diff --git a/custom/ymir-nginx.nix b/custom/ymir-nginx.nix
index 32707ee6..4c3880ce 100644
--- a/custom/ymir-nginx.nix
+++ b/custom/ymir-nginx.nix
@@ -117,9 +117,14 @@ in {
      server {
        listen *:80;
+        listen *:443 ssl;
        listen [::]:80;
+        listen [::]:443 ssl;
        server_name git.yggdrasil.li www.git.yggdrasil.li;
+        ssl_certificate /etc/nginx/ssl/$server_name/fullchain.pem;
+        ssl_certificate_key /etc/nginx/ssl/$server_name/privkey.pem;
        root ${pkgs.cgit}/cgit;
        try_files $uri @cgit;
diff --git a/ymir.nix b/ymir.nix
index e668ecfc..bed72276 100644
--- a/ymir.nix
+++ b/ymir.nix
@@ -13,6 +13,7 @@ let
      cert = "certs/${name}.crt";
    };
  };
+  simp_le = pkgs.callPackage ./custom/simp_le.nix {};
 in rec {
  imports =
    [
@@ -128,7 +129,8 @@ in rec {
  services.fcron = {
    enable = true;
    systab = ''
-      %weekly * * nix-collect-garbage --delete-older-than '7d'
+      %weekly  * *   nix-collect-garbage --delete-older-than '7d'
+      %monthly * * * ${simp_le "/etc/nginx/ssl/git.yggdrasil.li" "git.yggdrasil.li"}
    '';
  };
author	Gregor Kleen <gkleen@yggdrasil.li>	2016-01-24 12:10:16 +0100
committer	Gregor Kleen <gkleen@yggdrasil.li>	2016-01-24 12:10:16 +0100
commit	0fb62fe4d86f3e140bd989d3a3aca2d76c395549 (patch)
tree	339f9af244b7ff5fb0ce0e315b4945833593f9b2
parent	7b1c4e0c395f358cb9d4b6850af01cdd3e2a3a80 (diff)
download	nixos-0fb62fe4d86f3e140bd989d3a3aca2d76c395549.tar nixos-0fb62fe4d86f3e140bd989d3a3aca2d76c395549.tar.gz nixos-0fb62fe4d86f3e140bd989d3a3aca2d76c395549.tar.bz2 nixos-0fb62fe4d86f3e140bd989d3a3aca2d76c395549.tar.xz nixos-0fb62fe4d86f3e140bd989d3a3aca2d76c395549.zip

diff --git a/custom/simp_le.nix b/custom/simp_le.nix new file mode 100644 index 00000000..ed85fc51 --- /dev/null +++ b/custom/simp_le.nix
@@ -0,0 +1,18 @@
		1	{ stdenv, simp_le
		2	, util-linux
		3	}:
		4	dir:
		5	domain:
		6
		7	let
		8	script = bulitins.toFile "cert.sh" ''
		9	cd $dir
		10	${simp_le}/bin/simp_le -d ${domain}:/srv/www/acme/${domain}/ \
		11	--email "phikeebaogobaegh@141.li" \
		12	-f account_key.json \
		13	-f cert.pem \
		14	-f fullchain.pem \
		15	-f key.pem
		16	'';
		17	in
		18	"${stdenv}/bin/bash ${script} ${dir} ${domain} > ${util-linux}/bin/logger -p auth.info"


diff --git a/custom/ymir-nginx.nix b/custom/ymir-nginx.nix index 32707ee6..4c3880ce 100644 --- a/custom/ymir-nginx.nix +++ b/custom/ymir-nginx.nix
@@ -117,9 +117,14 @@ in {
117		117
118	server {	118	server {
119	listen *:80;	119	listen *:80;
		120	listen *:443 ssl;
120	listen [::]:80;	121	listen [::]:80;
		122	listen [::]:443 ssl;
121	server_name git.yggdrasil.li www.git.yggdrasil.li;	123	server_name git.yggdrasil.li www.git.yggdrasil.li;
122		124
		125	ssl_certificate /etc/nginx/ssl/$server_name/fullchain.pem;
		126	ssl_certificate_key /etc/nginx/ssl/$server_name/privkey.pem;
		127
123	root ${pkgs.cgit}/cgit;	128	root ${pkgs.cgit}/cgit;
124		129
125	try_files $uri @cgit;	130	try_files $uri @cgit;


diff --git a/ymir.nix b/ymir.nix index e668ecfc..bed72276 100644 --- a/ymir.nix +++ b/ymir.nix
@@ -13,6 +13,7 @@ let
13	cert = "certs/${name}.crt";	13	cert = "certs/${name}.crt";
14	};	14	};
15	};	15	};
		16	simp_le = pkgs.callPackage ./custom/simp_le.nix {};
16	in rec {	17	in rec {
17	imports =	18	imports =
18	[	19	[
@@ -128,7 +129,8 @@ in rec {
128	services.fcron = {	129	services.fcron = {
129	enable = true;	130	enable = true;
130	systab = ''	131	systab = ''
131	%weekly * * nix-collect-garbage --delete-older-than '7d'	132	%weekly * * nix-collect-garbage --delete-older-than '7d'
		133	%monthly * * * ${simp_le "/etc/nginx/ssl/git.yggdrasil.li" "git.yggdrasil.li"}
132	'';	134	'';
133	};	135	};
134		136