author | Gregor Kleen <gkleen@yggdrasil.li> | 2016-04-26 15:20:25 +0200 |
---|---|---|
committer | Gregor Kleen <gkleen@yggdrasil.li> | 2016-04-26 15:20:25 +0200 |
commit | 343b071a70f0e45730666dd5497dc6200606538d (patch) | |
tree | 93c1778dc7cc8a1daff5c3fabc2663ded9434594 /custom | |
parent | c90d9f101a8c6d8a14fb154c19c2fcbf312e0c4c (diff) | |
switched ssl certs to security.acme completely
Diffstat (limited to 'custom')
-rw-r--r-- | custom/simp_le.nix | 32 | ||||
-rw-r--r-- | custom/ymir-nginx.nix | 15 |
2 files changed, 9 insertions, 38 deletions
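--- a/custom/simp_le.nix
+++ /dev/null
@@ -1,32 +0,0 @@
-{ stdenv, writeText
-, simp_le
-, eject
-}:
-#dir:
-domain:
-
-let
-dir = "/etc/ssl/self/${domain}";
-script = writeText "${domain}.sh" ''
-backupDir=/root/ssl_archive/$(date +'%Y-%m-%d')-$$-${domain}
-mkdir -p ${dir}
-cd ${dir}
-mkdir -p $backupDir
-for f in account_key.json cert.pem fullchain.pem key.pem privkey.pem; do
-[[ -e $f ]] && mv -v $f $backupDir
-done
-${simp_le}/bin/simp_le -d ${domain}:/srv/www/acme/${domain}/ \
---email "phikeebaogobaegh@141.li" \
--f account_key.json \
--f cert.pem \
--f fullchain.pem \
--f key.pem
-if [[ $? -ne 0 ]]; then
-for f in ./*; do rm -v $f; done
-mv -v $backupDir/* . && rmdir $backupDir
-else
-[[ -e key.pem ]] && ln -s -f key.pem privkey.pem
-fi
-'';
-in
-"bash ${script} 2>&1 | ${eject}/bin/logger -p auth.info"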
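--- a/custom/ymir-nginx.nix
+++ b/custom/ymir-nginx.nix
@@ -28,6 +28,11 @@ let
 root /srv/www/acme/$host/;
 }
 '';
+
+ssl = builtins.toFile "ssl" ''
+ssl_certificate /var/lib/acme/yggdrasil.li/fullchain.pem;
+ssl_certificate_key /var/lib/acme/yggdrasil.li/key.pem;
+'';
 in {
 services.nginx = {
 enable = true;
@@ -104,8 +109,7 @@ in {
 include ${favicon};
 include ${acme};
 
-ssl_certificate /etc/ssl/self/dirty-haskell.org/fullchain.pem;
-ssl_certificate_key /etc/ssl/self/dirty-haskell.org/privkey.pem;
+include ${ssl};
 
 root /srv/www/dirty-haskell.org;
 }
@@ -118,8 +122,7 @@ in {
 include ${favicon};
 include ${acme};
 
-ssl_certificate /etc/ssl/self/www.dirty-haskell.org/fullchain.pem;
-ssl_certificate_key /etc/ssl/self/www.dirty-haskell.org/privkey.pem;
+include ${ssl};
 
 root /srv/www/dirty-haskell.org;
 }
@@ -129,8 +132,6 @@ in {
 listen *:443 ssl;
 listen [::]:80;
 listen [::]:443 ssl;
-ssl_certificate /etc/ssl/self/git.yggdrasil.li/fullchain.pem;
-ssl_certificate_key /etc/ssl/self/git.yggdrasil.li/key.pem;
 server_name git.yggdrasil.li;
 
 root ${pkgs.cgit}/cgit;
@@ -140,6 +141,8 @@ in {
 include ${favicon};
 include ${acme};
 
+include ${ssl};
+
 location @cgit {
 include ${uwsgi_params};
 uwsgi_pass unix:/tmp/cgit.sock;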
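Review bot: The new `ssl` binding points every vhost that does `include ${ssl};` at the single certificate under `/var/lib/acme/yggdrasil.li/`, yet those server blocks appear to serve dirty-haskell.org, www.dirty-haskell.org and git.yggdrasil.li, which each had their own certificate before. Unless the `security.acme` certificate for yggdrasil.li covers each of those names, clients will see a hostname mismatch; its definition is not visible here because the diffstat is limited to `custom/`, so this needs confirming. A comment at the binding would record the requirement, e.g. `# shared cert: every server_name including this file must be a SAN of the yggdrasil.li ACME certificate`. Sharing one certificate also puts all vhosts behind a single private key, and nginx's user must be able to read `key.pem` under `/var/lib/acme` without the directory being opened up further, so the ownership and group on that certificate are worth checking. The server blocks themselves start and end outside the hunks shown.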