From 0a49126bc3e2a2b2ef45f192a5a46c58ff1f01f2 Mon Sep 17 00:00:00 2001
From: Gregor Kleen <gkleen@yggdrasil.li>
Date: Sun, 24 Jan 2016 11:38:32 +0100
Subject: acme-challenge

---
 custom/ymir-nginx.nix | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/custom/ymir-nginx.nix b/custom/ymir-nginx.nix
index 4e13e019..8750ac9f 100644
--- a/custom/ymir-nginx.nix
+++ b/custom/ymir-nginx.nix
@@ -18,10 +18,16 @@ let
   '';
 
   favicon = builtins.toFile "favicon" ''
-    location /favicon.ico {
+    location = /favicon.ico {
       root /srv/www/praseodym.org;
     }
   '';
+
+  acme = builtins.toFile "acme" ''
+    location /.well-known/acme-challenge {
+      root /srv/www/acme/$hostname/.well-known/acme-challenge;
+    }
+  '';
 in {
   services.nginx = {
     enable = true;
@@ -76,6 +82,7 @@ in {
         server_name dirty-haskell.org www.dirty-haskell.org;
 
         include ${favicon};
+        include ${acme};
 
         root /srv/www/dirty-haskell.org;
       }
@@ -86,6 +93,7 @@ in {
         server_name dirty-haskell.org;
 
         include ${favicon};
+        include ${acme};
 
         ssl_certificate /etc/nginx/ssl/dirty-haskell.org/fullchain.pem;
         ssl_certificate_key /etc/nginx/ssl/dirty-haskell.org/privkey.pem;
@@ -99,6 +107,7 @@ in {
         server_name www.dirty-haskell.org;
 
         include ${favicon};
+        include ${acme};
 
         ssl_certificate /etc/nginx/ssl/www.dirty-haskell.org/fullchain.pem;
         ssl_certificate_key /etc/nginx/ssl/www.dirty-haskell.org/privkey.pem;
@@ -116,6 +125,7 @@ in {
 	try_files $uri @cgit;
 
         include ${favicon};
+        include ${acme};
 
         location @cgit {
 	  include ${uwsgi_params};
-- 
cgit v1.2.3