summaryrefslogtreecommitdiff
path: root/hosts/surtr/http.nix
diff options
context:
space:
mode:
Diffstat (limited to 'hosts/surtr/http.nix')
-rw-r--r--hosts/surtr/http.nix13
1 files changed, 12 insertions, 1 deletions
diff --git a/hosts/surtr/http.nix b/hosts/surtr/http.nix
index bf5e0335..0e9146c4 100644
--- a/hosts/surtr/http.nix
+++ b/hosts/surtr/http.nix
@@ -51,7 +51,7 @@
51 "webdav.141.li" = { 51 "webdav.141.li" = {
52 forceSSL = true; 52 forceSSL = true;
53 sslCertificate = "${config.security.acme.certs."webdav.141.li".directory}/fullchain.pem"; 53 sslCertificate = "${config.security.acme.certs."webdav.141.li".directory}/fullchain.pem";
54 sslCertificateKey = "${config.security.acme.certs."webdav.141.li".directory}/key.pem"; 54 sslCertificateKey = "/run/credentials/nginx.service/webdav.141.li.key.pem";
55 locations."/" = { 55 locations."/" = {
56 proxyPass = "http://webdav/"; 56 proxyPass = "http://webdav/";
57 }; 57 };
@@ -60,6 +60,17 @@
60 }; 60 };
61 security.acme.domains."webdav.141.li" = { 61 security.acme.domains."webdav.141.li" = {
62 zone = "141.li"; 62 zone = "141.li";
63 certCfg = {
64 postRun = ''
65 ${pkgs.systemd}/bin/systemctl try-restart nginx.service
66 '';
67 };
68 };
69 systemd.services.nginx = {
70 preStart = lib.mkForce config.services.nginx.preStart;
71 serviceConfig = {
72 LoadCredential = [ "webdav.141.li.key.pem:${config.security.acme.certs."webdav.141.li".directory}/key.pem" ];
73 };
63 }; 74 };
64 }; 75 };
65} 76}
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-21 19:33:14 +0000