authorMel <einebeere@gmail.com>2024-12-04 21:05:05 +0100
committerMel <einebeere@gmail.com>2024-12-04 21:05:05 +0100
commitddbcbcc9818c9b1ecd9eb97d7c33b8e2bc3f24fa (patch)
treee1c90c92863b47e8435fecfd7d3b0e7c10f98956 /machines/lapin
parentc5364de431203671106fd7e66a27a4c1e932c1f3 (diff)
Use wildcard certificate for PDS handles
Signed-off-by: Mel <einebeere@gmail.com>
Diffstat (limited to 'machines/lapin')
-rw-r--r--machines/lapin/default.nix17
1 files changed, 13 insertions, 4 deletions
diff --git a/machines/lapin/default.nix b/machines/lapin/default.nix
index 00d1608..69960c3 100644
--- a/machines/lapin/default.nix
+++ b/machines/lapin/default.nix
@@ -14,6 +14,17 @@
     ../../services/akkoma
   ];
 
+  security.acme.certs."pds.rnrd.eu" = {
+    group = "nginx";
+    domain = "*.pds.rnrd.eu";
+    extraDomainNames = [ "pds.rnrd.eu" ];
+    dnsProvider = "cloudflare";
+    credentialFiles = {
+      # TODO: use age
+      CLOUDFLARE_DNS_API_TOKEN_FILE = "/home/mel/cloudflare-dns-token.pw";
+    };
+  };
+
   services.nginx.virtualHosts = {
     "soc.rnrd.eu" = {
       forceSSL = true;
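Review bot: The Cloudflare DNS API token referenced in `credentialFiles` (`CLOUDFLARE_DNS_API_TOKEN_FILE = "/home/mel/cloudflare-dns-token.pw"`) is a cleartext secret kept in a user's home directory, and the `# TODO: use age` line leaves it there without a tracked follow-up; a token that can answer DNS-01 challenges can, depending on how it was scoped, also edit records for the zone, so it is worth more than the certificate it issues. The ACME client runs as its own service user, so either that user can traverse `/home/mel` and read the file (which means the secret is readable more widely than intended) or renewal will fail once the cert expires — which of the two applies is not visible here and should be checked. I would move the token into the secret manager the TODO names, deploy it with owner `acme` and mode `0400`, scope the token to DNS edit on the single `rnrd.eu` zone, and replace the TODO with a comment such as `# DNS-01 token: must be readable only by the acme service user; rotate if this path was ever world-readable`. Everything else in the block (`group = "nginx"` so nginx can read the key, the apex in `extraDomainNames`) looks consistent with the `useACMEHost` switch in the second hunk.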
@@ -35,11 +46,9 @@
     };
 
     "pds.rnrd.eu" = {
-      # NOTE: technically this isn't needed if
-      # we aren't using the PDS as a handle provider?
-      # serverAliases = [ "*.pds.rnrd.eu" ];
+      serverAliases = [ "*.pds.rnrd.eu" ];
       forceSSL = true;
-      enableACME = true;
+      useACMEHost = "pds.rnrd.eu";
 
       locations."/" = {
         proxyWebsockets = true;