diff options
| -rw-r--r-- | custom/ymir-nginx.nix | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/custom/ymir-nginx.nix b/custom/ymir-nginx.nix index 4e13e019..8750ac9f 100644 --- a/custom/ymir-nginx.nix +++ b/custom/ymir-nginx.nix | |||
| @@ -18,10 +18,16 @@ let | |||
| 18 | ''; | 18 | ''; |
| 19 | 19 | ||
| 20 | favicon = builtins.toFile "favicon" '' | 20 | favicon = builtins.toFile "favicon" '' |
| 21 | location /favicon.ico { | 21 | location = /favicon.ico { |
| 22 | root /srv/www/praseodym.org; | 22 | root /srv/www/praseodym.org; |
| 23 | } | 23 | } |
| 24 | ''; | 24 | ''; |
| 25 | |||
| 26 | acme = builtins.toFile "acme" '' | ||
| 27 | location /.well-known/acme-challenge { | ||
| 28 | root /srv/www/acme/$hostname/.well-known/acme-challenge; | ||
| 29 | } | ||
| 30 | ''; | ||
| 25 | in { | 31 | in { |
| 26 | services.nginx = { | 32 | services.nginx = { |
| 27 | enable = true; | 33 | enable = true; |
| @@ -76,6 +82,7 @@ in { | |||
| 76 | server_name dirty-haskell.org www.dirty-haskell.org; | 82 | server_name dirty-haskell.org www.dirty-haskell.org; |
| 77 | 83 | ||
| 78 | include ${favicon}; | 84 | include ${favicon}; |
| 85 | include ${acme}; | ||
| 79 | 86 | ||
| 80 | root /srv/www/dirty-haskell.org; | 87 | root /srv/www/dirty-haskell.org; |
| 81 | } | 88 | } |
| @@ -86,6 +93,7 @@ in { | |||
| 86 | server_name dirty-haskell.org; | 93 | server_name dirty-haskell.org; |
| 87 | 94 | ||
| 88 | include ${favicon}; | 95 | include ${favicon}; |
| 96 | include ${acme}; | ||
| 89 | 97 | ||
| 90 | ssl_certificate /etc/nginx/ssl/dirty-haskell.org/fullchain.pem; | 98 | ssl_certificate /etc/nginx/ssl/dirty-haskell.org/fullchain.pem; |
| 91 | ssl_certificate_key /etc/nginx/ssl/dirty-haskell.org/privkey.pem; | 99 | ssl_certificate_key /etc/nginx/ssl/dirty-haskell.org/privkey.pem; |
| @@ -99,6 +107,7 @@ in { | |||
| 99 | server_name www.dirty-haskell.org; | 107 | server_name www.dirty-haskell.org; |
| 100 | 108 | ||
| 101 | include ${favicon}; | 109 | include ${favicon}; |
| 110 | include ${acme}; | ||
| 102 | 111 | ||
| 103 | ssl_certificate /etc/nginx/ssl/www.dirty-haskell.org/fullchain.pem; | 112 | ssl_certificate /etc/nginx/ssl/www.dirty-haskell.org/fullchain.pem; |
| 104 | ssl_certificate_key /etc/nginx/ssl/www.dirty-haskell.org/privkey.pem; | 113 | ssl_certificate_key /etc/nginx/ssl/www.dirty-haskell.org/privkey.pem; |
| @@ -116,6 +125,7 @@ in { | |||
| 116 | try_files $uri @cgit; | 125 | try_files $uri @cgit; |
| 117 | 126 | ||
| 118 | include ${favicon}; | 127 | include ${favicon}; |
| 128 | include ${acme}; | ||
| 119 | 129 | ||
| 120 | location @cgit { | 130 | location @cgit { |
| 121 | include ${uwsgi_params}; | 131 | include ${uwsgi_params}; |