diff options
Diffstat (limited to 'custom/ymir-nginx.nix')
-rw-r--r-- | custom/ymir-nginx.nix | 15 |
1 files changed, 9 insertions, 6 deletions
diff --git a/custom/ymir-nginx.nix b/custom/ymir-nginx.nix index 54b0084f..0506b5c7 100644 --- a/custom/ymir-nginx.nix +++ b/custom/ymir-nginx.nix | |||
@@ -28,6 +28,11 @@ let | |||
28 | root /srv/www/acme/$host/; | 28 | root /srv/www/acme/$host/; |
29 | } | 29 | } |
30 | ''; | 30 | ''; |
31 | |||
32 | ssl = builtins.toFile "ssl" '' | ||
33 | ssl_certificate /var/lib/acme/yggdrasil.li/fullchain.pem; | ||
34 | ssl_certificate_key /var/lib/acme/yggdrasil.li/key.pem; | ||
35 | ''; | ||
31 | in { | 36 | in { |
32 | services.nginx = { | 37 | services.nginx = { |
33 | enable = true; | 38 | enable = true; |
@@ -104,8 +109,7 @@ in { | |||
104 | include ${favicon}; | 109 | include ${favicon}; |
105 | include ${acme}; | 110 | include ${acme}; |
106 | 111 | ||
107 | ssl_certificate /etc/ssl/self/dirty-haskell.org/fullchain.pem; | 112 | include ${ssl}; |
108 | ssl_certificate_key /etc/ssl/self/dirty-haskell.org/privkey.pem; | ||
109 | 113 | ||
110 | root /srv/www/dirty-haskell.org; | 114 | root /srv/www/dirty-haskell.org; |
111 | } | 115 | } |
@@ -118,8 +122,7 @@ in { | |||
118 | include ${favicon}; | 122 | include ${favicon}; |
119 | include ${acme}; | 123 | include ${acme}; |
120 | 124 | ||
121 | ssl_certificate /etc/ssl/self/www.dirty-haskell.org/fullchain.pem; | 125 | include ${ssl}; |
122 | ssl_certificate_key /etc/ssl/self/www.dirty-haskell.org/privkey.pem; | ||
123 | 126 | ||
124 | root /srv/www/dirty-haskell.org; | 127 | root /srv/www/dirty-haskell.org; |
125 | } | 128 | } |
@@ -129,8 +132,6 @@ in { | |||
129 | listen *:443 ssl; | 132 | listen *:443 ssl; |
130 | listen [::]:80; | 133 | listen [::]:80; |
131 | listen [::]:443 ssl; | 134 | listen [::]:443 ssl; |
132 | ssl_certificate /etc/ssl/self/git.yggdrasil.li/fullchain.pem; | ||
133 | ssl_certificate_key /etc/ssl/self/git.yggdrasil.li/key.pem; | ||
134 | server_name git.yggdrasil.li; | 135 | server_name git.yggdrasil.li; |
135 | 136 | ||
136 | root ${pkgs.cgit}/cgit; | 137 | root ${pkgs.cgit}/cgit; |
@@ -140,6 +141,8 @@ in { | |||
140 | include ${favicon}; | 141 | include ${favicon}; |
141 | include ${acme}; | 142 | include ${acme}; |
142 | 143 | ||
144 | include ${ssl}; | ||
145 | |||
143 | location @cgit { | 146 | location @cgit { |
144 | include ${uwsgi_params}; | 147 | include ${uwsgi_params}; |
145 | uwsgi_pass unix:/tmp/cgit.sock; | 148 | uwsgi_pass unix:/tmp/cgit.sock; |