summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGregor Kleen <gkleen@yggdrasil.li>2016-04-13 12:43:30 +0200
committerGregor Kleen <gkleen@yggdrasil.li>2016-04-13 12:43:30 +0200
commit6d7d4c3d80d0f1b9aa2e05d4983d14b0aa63ed79 (patch)
tree04585edcc77f0825730dda8d7a62cfb5202b9484
parentd302a7a994e14acd199f3f92aa933ed8496732e9 (diff)
downloadnixos-6d7d4c3d80d0f1b9aa2e05d4983d14b0aa63ed79.tar
nixos-6d7d4c3d80d0f1b9aa2e05d4983d14b0aa63ed79.tar.gz
nixos-6d7d4c3d80d0f1b9aa2e05d4983d14b0aa63ed79.tar.bz2
nixos-6d7d4c3d80d0f1b9aa2e05d4983d14b0aa63ed79.tar.xz
nixos-6d7d4c3d80d0f1b9aa2e05d4983d14b0aa63ed79.zip
letsencrypt for all domains
Diffstat
-rw-r--r--custom/simp_le.nix3
-rw-r--r--custom/ymir-nginx.nix3
-rw-r--r--ymir.nix20
3 files changed, 20 insertions, 6 deletions
diff --git a/custom/simp_le.nix b/custom/simp_le.nix
index 686533a6..755d8cd6 100644
--- a/custom/simp_le.nix
+++ b/custom/simp_le.nix
@@ -2,10 +2,11 @@
2, simp_le 2, simp_le
3, eject 3, eject
4}: 4}:
5dir: 5#dir:
6domain: 6domain:
7 7
8let 8let
9 dir = "/etc/ssl/self/${domain}";
9 script = writeText "${domain}.sh" '' 10 script = writeText "${domain}.sh" ''
10 backupDir=/root/ssl_archive/$(date +'%Y-%m-%d')-$$-${domain} 11 backupDir=/root/ssl_archive/$(date +'%Y-%m-%d')-$$-${domain}
11 mkdir -p ${dir} 12 mkdir -p ${dir}
diff --git a/custom/ymir-nginx.nix b/custom/ymir-nginx.nix
index fd7d7e94..a130bcd1 100644
--- a/custom/ymir-nginx.nix
+++ b/custom/ymir-nginx.nix
@@ -79,6 +79,9 @@ in {
79 listen [::]:80; 79 listen [::]:80;
80 server_name _; 80 server_name _;
81 81
82 include ${favicon};
83 include ${acme};
84
82 root /srv/www/praseodym.org; 85 root /srv/www/praseodym.org;
83 } 86 }
84 87
diff --git a/ymir.nix b/ymir.nix
index 722bbc08..f7308906 100644
--- a/ymir.nix
+++ b/ymir.nix
@@ -9,8 +9,8 @@ let
9 enabled = true; 9 enabled = true;
10 domain = name; 10 domain = name;
11 ssl = { 11 ssl = {
12 key = "certs/${name}.key"; 12 key = "ssl/${name}/key.pem";
13 cert = "certs/${name}.crt"; 13 cert = "ssl/${name}/fullchain.pem";
14 }; 14 };
15 }; 15 };
16 simp_le = pkgs.callPackage ./custom/simp_le.nix {}; 16 simp_le = pkgs.callPackage ./custom/simp_le.nix {};
@@ -130,13 +130,23 @@ in rec {
130 enable = true; 130 enable = true;
131 systab = '' 131 systab = ''
132 %weekly * * nix-collect-garbage --delete-older-than '7d' 132 %weekly * * nix-collect-garbage --delete-older-than '7d'
133 %monthly * * * ${simp_le "/etc/nginx/ssl/git.yggdrasil.li" "git.yggdrasil.li"} 133 %monthly * * * ${simp_le "git.yggdrasil.li"}
134 %monthly * * * ${simp_le "/etc/nginx/ssl/dirty-haskell.org" "dirty-haskell.org"} 134 %monthly * * * ${simp_le "dirty-haskell.org"}
135 %monthly * * * ${simp_le "/etc/nginx/ssl/www.dirty-haskell.org" "www.dirty-haskell.org"} 135 %monthly * * * ${simp_le "www.dirty-haskell.org"}
136 %monthly * * * ${simp_le "141.li"}
137 %monthly * * * ${simp_le "xmpp.li"}
138 %monthly * * * ${simp_le "yggdrasil.li"}
139 %monthly * * * ${simp_le "praseodym.org"}
136 %daily * * systemctl reload nginx.service 140 %daily * * systemctl reload nginx.service
137 ''; 141 '';
138 }; 142 };
139 143
144 users.groups."ssl" = {
145 members = [ "prosody"
146 "nginx"
147 ];
148 };
149
140 services.chrony = { 150 services.chrony = {
141 enable = true; 151 enable = true;
142 }; 152 };
generated by cgit v1.2.3 (git 2.25.1) at 2025-12-03 15:58:34 +0000