From b2bd904bb65ee9cd6593ffed39969690ae73e7e1 Mon Sep 17 00:00:00 2001 From: Caroline Larimore Date: Mon, 22 Jul 2024 00:47:26 -0700 Subject: Setup SSL --- roles/web/default.nix | 5 +++++ roles/web/personal/default.nix | 8 ++++++-- roles/web/stargazers/default.nix | 9 +++++++-- 3 files changed, 18 insertions(+), 4 deletions(-) (limited to 'roles') diff --git a/roles/web/default.nix b/roles/web/default.nix index d9fc202..6797ac5 100644 --- a/roles/web/default.nix +++ b/roles/web/default.nix @@ -5,4 +5,9 @@ ./personal ./stargazers ]; + + security.acme = { + acceptTerms = true; + defaults.email = "caroline@larimo.re"; + }; } diff --git a/roles/web/personal/default.nix b/roles/web/personal/default.nix index e036f98..16bf024 100644 --- a/roles/web/personal/default.nix +++ b/roles/web/personal/default.nix @@ -28,13 +28,17 @@ in { }; config = mkIf cfg.enable { - networking.firewall.allowedTCPPorts = [ 80 ]; + networking.firewall.allowedTCPPorts = [ 80 443 ]; services.nginx = { enable = true; virtualHosts = { "caroline.larimo.re" = { - serverAliases = [ "cxl.sh" "localhost" ]; + serverAliases = [ "cxl.sh" ]; + + addSSL = true; + enableACME = true; + locations."/" = { recommendedProxySettings = true; proxyPass = "http://localhost:8080/"; diff --git a/roles/web/stargazers/default.nix b/roles/web/stargazers/default.nix index b7cca11..644f91f 100644 --- a/roles/web/stargazers/default.nix +++ b/roles/web/stargazers/default.nix @@ -7,12 +7,17 @@ let cfg = config.roles.web.stargazers; in { }; config = mkIf cfg.enable { - networking.firewall.allowedTCPPorts = [ 80 ]; + networking.firewall.allowedTCPPorts = [ 80 443 ]; services.nginx = { enable = true; virtualHosts = { - "stargazers.xn--6frz82g".root = "/srv/web/stargazers"; + "stargazers.xn--6frz82g" = { + addSSL = true; + enableACME = true; + + root = "/srv/web/stargazers"; + }; }; }; }; -- cgit v1.2.3