summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--custom/simp_le.nix18
-rw-r--r--custom/ymir-nginx.nix5
-rw-r--r--ymir.nix4
3 files changed, 26 insertions, 1 deletions
diff --git a/custom/simp_le.nix b/custom/simp_le.nix
new file mode 100644
index 00000000..ed85fc51
--- /dev/null
+++ b/custom/simp_le.nix
@@ -0,0 +1,18 @@
1{ stdenv, simp_le
2, util-linux
3}:
4dir:
5domain:
6
7let
8 script = bulitins.toFile "cert.sh" ''
9 cd $dir
10 ${simp_le}/bin/simp_le -d ${domain}:/srv/www/acme/${domain}/ \
11 --email "phikeebaogobaegh@141.li" \
12 -f account_key.json \
13 -f cert.pem \
14 -f fullchain.pem \
15 -f key.pem
16 '';
17in
18 "${stdenv}/bin/bash ${script} ${dir} ${domain} > ${util-linux}/bin/logger -p auth.info"
diff --git a/custom/ymir-nginx.nix b/custom/ymir-nginx.nix
index 32707ee6..4c3880ce 100644
--- a/custom/ymir-nginx.nix
+++ b/custom/ymir-nginx.nix
@@ -117,9 +117,14 @@ in {
117 117
118 server { 118 server {
119 listen *:80; 119 listen *:80;
120 listen *:443 ssl;
120 listen [::]:80; 121 listen [::]:80;
122 listen [::]:443 ssl;
121 server_name git.yggdrasil.li www.git.yggdrasil.li; 123 server_name git.yggdrasil.li www.git.yggdrasil.li;
122 124
125 ssl_certificate /etc/nginx/ssl/$server_name/fullchain.pem;
126 ssl_certificate_key /etc/nginx/ssl/$server_name/privkey.pem;
127
123 root ${pkgs.cgit}/cgit; 128 root ${pkgs.cgit}/cgit;
124 129
125 try_files $uri @cgit; 130 try_files $uri @cgit;
diff --git a/ymir.nix b/ymir.nix
index e668ecfc..bed72276 100644
--- a/ymir.nix
+++ b/ymir.nix
@@ -13,6 +13,7 @@ let
13 cert = "certs/${name}.crt"; 13 cert = "certs/${name}.crt";
14 }; 14 };
15 }; 15 };
16 simp_le = pkgs.callPackage ./custom/simp_le.nix {};
16in rec { 17in rec {
17 imports = 18 imports =
18 [ 19 [
@@ -128,7 +129,8 @@ in rec {
128 services.fcron = { 129 services.fcron = {
129 enable = true; 130 enable = true;
130 systab = '' 131 systab = ''
131 %weekly * * nix-collect-garbage --delete-older-than '7d' 132 %weekly * * nix-collect-garbage --delete-older-than '7d'
133 %monthly * * * ${simp_le "/etc/nginx/ssl/git.yggdrasil.li" "git.yggdrasil.li"}
132 ''; 134 '';
133 }; 135 };
134 136