diff options
Diffstat (limited to 'modules')
| -rw-r--r-- | modules/nixos/services/web/cgit/ca.crt | 31 | ||||
| -rw-r--r-- | modules/nixos/services/web/cgit/default.nix | 17 |
2 files changed, 41 insertions, 7 deletions
diff --git a/modules/nixos/services/web/cgit/ca.crt b/modules/nixos/services/web/cgit/ca.crt new file mode 100644 index 0000000..45156da --- /dev/null +++ b/modules/nixos/services/web/cgit/ca.crt @@ -0,0 +1,31 @@ +-----BEGIN CERTIFICATE----- +MIIFZTCCA02gAwIBAgIUPjIi+YtJg6XTncDUIzI4/5ZwYx0wDQYJKoZIhvcNAQEL +BQAwQjELMAkGA1UEBhMCVVMxDzANBgNVBAgMBk9yZWdvbjERMA8GA1UEBwwIUG9y +dGxhbmQxDzANBgNVBAoMBmN4bC5zaDAeFw0yNjAzMDMwODI1MjhaFw0yNzAzMDMw +ODI1MjhaMEIxCzAJBgNVBAYTAlVTMQ8wDQYDVQQIDAZPcmVnb24xETAPBgNVBAcM +CFBvcnRsYW5kMQ8wDQYDVQQKDAZjeGwuc2gwggIiMA0GCSqGSIb3DQEBAQUAA4IC +DwAwggIKAoICAQDpjWYj0L77oAS8zlTQ0vz9R0fahAzM2Smj4RRooKsnl27JX4dl +GHaKnqSLFZPnvMzFm/dZAhKhK+GvtRCZFo4snzqJArmf9jd1rRr5mHau09LWRRjo +13uB2Jpz3sHApk/IB4X6jY2jAHDnRLffUJWnjRBuL9JQF6DrYZQJyYB5NED1H4VC +mMFnMSt/vTiHI0zmTUQ32kD4wJ2aabIXajY7xilvBK6+ojd1bzJrPjnpjxyhETPG +oD9zJhv7FpGo3ZTRxT7/ThqRn59diaosJmv+4t9IIu2aRYZBswOH3hi9LeG+VKvb +T+Qt3v53GwSlXyPr7gOAULXUulXRdbhSXcvLDGTGkHw6NR/COqPJQXcX2Tsw8rtd +qx9Uipls5PMehDcj+YvnY0SH6Rq9Rxzy3sXAlnjj9LJ4w2+5EOWn9kYXz3mViTJO +s9iCGO3KEVqMYfIIvbf4UJzx71HE6HMkD+3tZaAtLlyu17U8qEa+CMnQe9nMlwn6 +Fr3PDubD97mscMtgRL5M1GgHIxIKSQ5IolrCy4gUYlxBbx7BfoK0eDY9j0ZTuWlG ++a/Qr05a3xXHe7wZzVexF+/U/LI7MvpldcpiNKQUeV5ROsEFFwqajc9syKpR/pto +oc2mNogfnnk2BRCBsDPQPk/dPwRzXSheSKF8Zr/RQ/bJ0lOU2OCh5i1QtwIDAQAB +o1MwUTAdBgNVHQ4EFgQU5bI59TE9BUJm/nlQQPSwInAs1ccwHwYDVR0jBBgwFoAU +5bI59TE9BUJm/nlQQPSwInAs1ccwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0B +AQsFAAOCAgEAIVcnN67lf8hriVvrGf4wsL8yCBFRGyNx8qrkMpD3DLlXrGRgMwl1 +F7pgbaA7zWhOtc4XyRq/FBVRLVbX36Nyp6BKLj0aR8+qPxaqGq1fKOVDYdeoajtR +WG7As+dgaSRBjNPG+pnC0UCquOySBizNiGsuSQy5/BVdNp/5yB1P7kk//Gcjb7Is +ZdEp3hDXCinUQlXrWTVUKwlEfd0gYFjQwVcVZpDZHKF9JsfImCuNvTmA8fbtHAOT ++heuAFcR/u09j5KANn58ynU9yUefxB5hx0MMKqWRcao9YWFOP12X9PyZWIuRxdw4 +8H1JEjHg/QIi5/YfRU609VandHRU/utPGMb/hJ9vsf4LzS0B15Nj14AgpgDeP3si +zF5OjXn9vCucaqH43qKlhcW3TvscMGpj6ogkQB/eH8qLhcXuXmXUK0sfrLSntKdi +fWNznbW2zw6JRmkE6jgEFlNwqOu3d47Rhs69YT4+wX6KAXRk8VYQ9JPQ8P9Bz3Nj +G1YguLZwFkkoTSwpqH460z3UqkQNuaNUDgBRRVX+syUIPnFNxliwSm8F6aOPLqbm +src9zFQ1JBOS1GCVzJxTgN+sQpW6DP/NVQ4HOw1O/vzuK9bYCsIkbJYX1TVAZoog +Jbs6ke9+UzHTq466d3HjBecFZLoiJgdiiSbJveoANRY3pF/oCvQHjW4= +-----END CERTIFICATE----- diff --git a/modules/nixos/services/web/cgit/default.nix b/modules/nixos/services/web/cgit/default.nix index 2c8139c..e33971e 100644 --- a/modules/nixos/services/web/cgit/default.nix +++ b/modules/nixos/services/web/cgit/default.nix @@ -52,8 +52,7 @@ in { "private" = { enable = true; scanPath = cfg.path; - nginx.virtualHost = cfg.virtualHost; - nginx.location = "/private/"; + nginx.virtualHost = "private.${cfg.virtualHost}"; user = "git"; group = "git"; @@ -72,11 +71,15 @@ in { "${cfg.virtualHost}" = { addSSL = true; enableACME = true; - locations."/private/" = { - basicAuth = { - c = "password"; - }; - }; + }; + "private.${cfg.virtualHost}" = { + addSSL = true; + enableACME = true; + + extraConfig = '' + ssl_client_certificate ${./ca.crt}; + ssl_verify_client on; + ''; }; }; }; |