From 0fb62fe4d86f3e140bd989d3a3aca2d76c395549 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Sun, 24 Jan 2016 12:10:16 +0100 Subject: simp_le test --- custom/simp_le.nix | 18 ++++++++++++++++++ custom/ymir-nginx.nix | 5 +++++ ymir.nix | 4 +++- 3 files changed, 26 insertions(+), 1 deletion(-) create mode 100644 custom/simp_le.nix diff --git a/custom/simp_le.nix b/custom/simp_le.nix new file mode 100644 index 00000000..ed85fc51 --- /dev/null +++ b/custom/simp_le.nix @@ -0,0 +1,18 @@ +{ stdenv, simp_le +, util-linux +}: +dir: +domain: + +let + script = bulitins.toFile "cert.sh" '' + cd $dir + ${simp_le}/bin/simp_le -d ${domain}:/srv/www/acme/${domain}/ \ + --email "phikeebaogobaegh@141.li" \ + -f account_key.json \ + -f cert.pem \ + -f fullchain.pem \ + -f key.pem + ''; +in + "${stdenv}/bin/bash ${script} ${dir} ${domain} > ${util-linux}/bin/logger -p auth.info" diff --git a/custom/ymir-nginx.nix b/custom/ymir-nginx.nix index 32707ee6..4c3880ce 100644 --- a/custom/ymir-nginx.nix +++ b/custom/ymir-nginx.nix @@ -117,9 +117,14 @@ in { server { listen *:80; + listen *:443 ssl; listen [::]:80; + listen [::]:443 ssl; server_name git.yggdrasil.li www.git.yggdrasil.li; + ssl_certificate /etc/nginx/ssl/$server_name/fullchain.pem; + ssl_certificate_key /etc/nginx/ssl/$server_name/privkey.pem; + root ${pkgs.cgit}/cgit; try_files $uri @cgit; diff --git a/ymir.nix b/ymir.nix index e668ecfc..bed72276 100644 --- a/ymir.nix +++ b/ymir.nix @@ -13,6 +13,7 @@ let cert = "certs/${name}.crt"; }; }; + simp_le = pkgs.callPackage ./custom/simp_le.nix {}; in rec { imports = [ @@ -128,7 +129,8 @@ in rec { services.fcron = { enable = true; systab = '' - %weekly * * nix-collect-garbage --delete-older-than '7d' + %weekly * * nix-collect-garbage --delete-older-than '7d' + %monthly * * * ${simp_le "/etc/nginx/ssl/git.yggdrasil.li" "git.yggdrasil.li"} ''; }; -- cgit v1.2.3
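Review bot: In the `cert.sh` body of custom/simp_le.nix, `cd $dir` expands a shell variable the script never sets, because the directory is passed as the first positional argument. `cd` therefore runs with no argument, and simp_le would write `account_key.json` and `key.pem` into the invoking user's home directory instead of the intended one; `cd "$1" || exit 1` avoids that. The returned command uses `> ${util-linux}/bin/logger -p auth.info`, which is a file redirect aimed at the logger binary rather than a pipe, so nothing reaches syslog; `2>&1 | ${util-linux}/bin/logger -p auth.info` is presumably what was meant. `bulitins.toFile` is misspelled, and as far as I know `builtins.toFile` rejects text that refers to derivation outputs such as `${simp_le}`, so a `writeScript`-style helper is likely needed. `${stdenv}/bin/bash` also does not look like a valid interpreter path; `${stdenv.shell}` is the usual spelling.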
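Review bot: The added `ssl_certificate_key /etc/nginx/ssl/$server_name/privkey.pem;` names a file the renewal job never produces, since custom/simp_le.nix asks simp_le for `-f key.pem`, so nginx would fail to load the key. The `$server_name` variable in both certificate paths is only expanded by newer nginx releases; older ones treat it as a literal directory name, which would not match the `/etc/nginx/ssl/git.yggdrasil.li` directory used in ymir.nix. Writing the paths out avoids both problems: `ssl_certificate /etc/nginx/ssl/git.yggdrasil.li/fullchain.pem;` and `ssl_certificate_key /etc/nginx/ssl/git.yggdrasil.li/key.pem;`. The server block continues outside the hunk, so I cannot tell whether a location serves `/.well-known/acme-challenge/` from `/srv/www/acme/`; that should be confirmed before the first issuance.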
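Review bot: The new `%monthly` systab entry renews the certificate but nothing reloads nginx afterwards, so the server keeps presenting the old certificate until its next restart and may let it expire while a fresh one sits on disk. The script should reload nginx when simp_le reports a renewal; simp_le appears to exit non-zero when no renewal was due, so the job should not treat that as an error. A monthly cadence also leaves only one or two attempts inside the renewal window, so running it `%weekly` like the garbage-collection line above gives more margin for a failed run. The systab job presumably runs as root and so creates the account and private keys as root; it is worth confirming that the target directory and `key.pem` are not world-readable.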