-rw-r--r-- | custom/simp_le.nix | 18 | ||||
-rw-r--r-- | custom/ymir-nginx.nix | 5 | ||||
-rw-r--r-- | ymir.nix | 4 |
3 files changed, 26 insertions, 1 deletions
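diff --git a/custom/simp_le.nix b/custom/simp_le.nix
new file mode 100644
index 00000000..ed85fc51
--- /dev/null
+++ b/custom/simp_le.nix
@@ -0,0 +1,18 @@
+{ stdenv, simp_le
+, util-linux
+}:
+dir:
+domain:
+
+let
+script = bulitins.toFile "cert.sh" ''
+cd $dir
+${simp_le}/bin/simp_le -d ${domain}:/srv/www/acme/${domain}/ \
+--email "phikeebaogobaegh@141.li" \
+-f account_key.json \
+-f cert.pem \
+-f fullchain.pem \
+-f key.pem
+'';
+in
+"${stdenv}/bin/bash ${script} ${dir} ${domain} > ${util-linux}/bin/logger -p auth.info"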
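Review bot: As written the renewal script never runs in the target directory and most likely never evaluates. `bulitins` on line 8 is a typo for `builtins`, `builtins.toFile` rejects strings that reference derivation outputs such as `${simp_le}`, and `cd $dir` reads a shell variable that is never set (the directory arrives as `$1`), so a bare `cd` would drop `account_key.json` and `key.pem` into the caller's home directory. On line 18 `>` redirects output into the `logger` store path instead of piping to it, and `${stdenv}/bin/bash` is, as far as I know, not a path stdenv provides. The sketch below uses `writeScript` with a `bash` argument, stops if the `cd` fails, and pipes stdout and stderr to `logger`. It is also worth confirming that `key.pem` ends up readable only by the account nginx loads it as.

```nix
{ writeScript, bash, simp_le
, util-linux
}:
# … unchanged: dir: and domain: arguments …
let
  script = writeScript "cert.sh" ''
    #!${bash}/bin/bash
    set -eu
    cd "$1"
    # … unchanged: simp_le invocation with --email and the -f arguments …
  '';
in
  "${script} ${dir} ${domain} 2>&1 | ${util-linux}/bin/logger -p auth.info"
```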
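diff --git a/custom/ymir-nginx.nix b/custom/ymir-nginx.nix
index 32707ee6..4c3880ce 100644
--- a/custom/ymir-nginx.nix
+++ b/custom/ymir-nginx.nix
@@ -117,9 +117,14 @@ in {
 
 server {
 listen *:80;
+listen *:443 ssl;
 listen [::]:80;
+listen [::]:443 ssl;
 server_name git.yggdrasil.li www.git.yggdrasil.li;
 
+ssl_certificate /etc/nginx/ssl/$server_name/fullchain.pem;
+ssl_certificate_key /etc/nginx/ssl/$server_name/privkey.pem;
+
 root ${pkgs.cgit}/cgit;
 
 try_files $uri @cgit;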
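Review bot: The key path on new line 126 does not match what the renewal job writes. custom/simp_le.nix in this commit asks simp_le for `-f key.pem`, while `ssl_certificate_key` points at `privkey.pem`, so nginx will not find the key unless something else creates that file. Either use `ssl_certificate_key /etc/nginx/ssl/git.yggdrasil.li/key.pem;` or change the `-f` argument to match. Depending on the nginx version, `$server_name` in these two paths is either taken literally or resolved at handshake time, which hides a missing or unreadable key until the first TLS connection; a literal path fails at reload instead. The server block continues outside the hunk, so whether port 80 redirects to HTTPS and whether the ACME webroot under `/srv/www/acme/` is served cannot be checked here.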
@@ -13,6 +13,7 @@ let | |||
13 | cert = "certs/${name}.crt"; | 13 | cert = "certs/${name}.crt"; |
14 | }; | 14 | }; |
15 | }; | 15 | }; |
16 | simp_le = pkgs.callPackage ./custom/simp_le.nix {}; | ||
16 | in rec { | 17 | in rec { |
17 | imports = | 18 | imports = |
18 | [ | 19 | [ |
@@ -128,7 +129,8 @@ in rec { | |||
128 | services.fcron = { | 129 | services.fcron = { |
129 | enable = true; | 130 | enable = true; |
130 | systab = '' | 131 | systab = '' |
131 | %weekly * * nix-collect-garbage --delete-older-than '7d' | 132 | %weekly * * nix-collect-garbage --delete-older-than '7d' |
133 | %monthly * * * ${simp_le "/etc/nginx/ssl/git.yggdrasil.li" "git.yggdrasil.li"} | ||
132 | ''; | 134 | ''; |
133 | }; | 135 | }; |
134 | 136 | ||
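Review bot: Renewing only once a month on new line 133 leaves very little margin before expiry. As far as I recall simp_le only renews once the certificate is within roughly 30 days of expiring, so a run that lands just outside that window pushes the next attempt close to the expiry date, and one failed run can let the certificate lapse. Running the job more often costs little when nothing is due, e.g. `%weekly * * ${simp_le "/etc/nginx/ssl/git.yggdrasil.li" "git.yggdrasil.li"}`, mirroring the field layout of the line above. The new entry has one more time field than that `%weekly` line, so check against fcrontab(5) that `%monthly * * *` parses as intended. Nothing visible in the hunk reports a failed renewal, so consider alerting on the job's exit status or on the certificate's remaining lifetime.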