Infinidoge/universe
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Infini-DL360: use wildcard certificate

Browse source
This commit is contained in:
Infinidoge 2025-02-15 03:53:42 -05:00
parent 2203788b2d
commit 8ab1fe878b
Signed by: Infinidoge
SSH key fingerprint: SHA256:EMoPe5e2dO0gEvtBb2xkZTz5dkyL0rBmuiGTKG5s96E
13 changed files with 34 additions and 21 deletions
Download patch file Download diff file Expand all files Collapse all files

2
hosts/Infini-DL360/conduwuit.nix
View file

@ -31,7 +31,7 @@ in
networking.firewall.allowedTCPPorts = [ 8448 ]; networking.firewall.allowedTCPPorts = [ 8448 ];
services.nginx.virtualHosts = { services.nginx.virtualHosts = {
${domain} = common.nginx.ssl // { ${domain} = common.nginx.ssl-inx // {
locations."^~ /_matrix" = { locations."^~ /_matrix" = {
proxyPass = host; proxyPass = host;
recommendedProxySettings = false; recommendedProxySettings = false;

2
hosts/Infini-DL360/forgejo.nix
View file

@ -102,7 +102,7 @@ in
}; };
}; };
services.nginx.virtualHosts.${domain} = common.nginx.ssl // { services.nginx.virtualHosts.${domain} = common.nginx.ssl-inx // {
locations."/" = { locations."/" = {
proxyPass = "http://${cfg.settings.server.DOMAIN}:${toString cfg.settings.server.HTTP_PORT}"; proxyPass = "http://${cfg.settings.server.DOMAIN}:${toString cfg.settings.server.HTTP_PORT}";
extraConfig = '' extraConfig = ''

2
hosts/Infini-DL360/freshrss.nix
View file

@ -4,7 +4,7 @@ let
domain = "freshrss.inx.moe"; domain = "freshrss.inx.moe";
in in
{ {
services.nginx.virtualHosts.${domain} = common.nginx.ssl; services.nginx.virtualHosts.${domain} = common.nginx.ssl-inx;
services.freshrss = { services.freshrss = {
enable = true; enable = true;

2
hosts/Infini-DL360/hedgedoc.nix
View file

@ -28,7 +28,7 @@ in
}; };
}; };
services.nginx.virtualHosts.${domain} = common.nginx.ssl // { services.nginx.virtualHosts.${domain} = common.nginx.ssl-inx // {
locations."/" = { locations."/" = {
proxyPass = "http://${cfg.settings.host}:${toString cfg.settings.port}"; proxyPass = "http://${cfg.settings.host}:${toString cfg.settings.port}";
}; };

2
hosts/Infini-DL360/hydra.nix
View file

@ -9,7 +9,7 @@ let
domain = common.subdomain "hydra"; domain = common.subdomain "hydra";
in in
{ {
services.nginx.virtualHosts.${domain} = common.nginx.ssl // { services.nginx.virtualHosts.${domain} = common.nginx.ssl-inx // {
locations."/" = { locations."/" = {
proxyPass = "http://localhost:${toString config.services.hydra.port}"; proxyPass = "http://localhost:${toString config.services.hydra.port}";
}; };

2
hosts/Infini-DL360/immich.nix
View file

@ -9,7 +9,7 @@ let
cfg = config.services.immich; cfg = config.services.immich;
in in
{ {
services.nginx.virtualHosts.${domain} = common.nginx.ssl // { services.nginx.virtualHosts.${domain} = common.nginx.ssl-inx // {
extraConfig = '' extraConfig = ''
client_max_body_size 5000M; client_max_body_size 5000M;

2
hosts/Infini-DL360/jellyfin.nix
View file

@ -13,7 +13,7 @@ let
''; '';
in in
{ {
services.nginx.virtualHosts."jellyfin.inx.moe" = common.nginx.ssl // { services.nginx.virtualHosts."jellyfin.inx.moe" = common.nginx.ssl-inx // {
extraConfig = '' extraConfig = ''
client_max_body_size 20M; client_max_body_size 20M;
''; '';

2
hosts/Infini-DL360/radicale.nix
View file

@ -27,7 +27,7 @@ in
}; };
}; };
services.nginx.virtualHosts.${domain} = common.nginx.ssl // { services.nginx.virtualHosts.${domain} = common.nginx.ssl-inx // {
locations."/".proxyPass = "http://localhost:5232"; locations."/".proxyPass = "http://localhost:5232";
}; };
} }

2
hosts/Infini-DL360/searx.nix
View file

@ -43,7 +43,7 @@ in
users.users.nginx.extraGroups = [ "searx" ]; users.users.nginx.extraGroups = [ "searx" ];
services.nginx.virtualHosts.${domain} = common.nginx.ssl // { services.nginx.virtualHosts.${domain} = common.nginx.ssl-inx // {
locations."/" = { locations."/" = {
extraConfig = '' extraConfig = ''
include ${config.services.nginx.package}/conf/uwsgi_params; include ${config.services.nginx.package}/conf/uwsgi_params;

2
hosts/Infini-DL360/thelounge.nix
View file

@ -6,7 +6,7 @@
}: }:
{ {
services.nginx.virtualHosts."thelounge.inx.moe" = common.nginx.ssl // { services.nginx.virtualHosts."thelounge.inx.moe" = common.nginx.ssl-inx // {
locations."/" = { locations."/" = {
proxyPass = "http://localhost:${toString config.services.thelounge.port}"; proxyPass = "http://localhost:${toString config.services.thelounge.port}";
}; };

2
hosts/Infini-DL360/vaultwarden.nix
View file

@ -12,7 +12,7 @@ in
{ {
persist.directories = [ config.services.vaultwarden.dataDir ]; persist.directories = [ config.services.vaultwarden.dataDir ];
services.nginx.virtualHosts.${domain} = common.nginx.ssl // { services.nginx.virtualHosts.${domain} = common.nginx.ssl-inx // {
locations."/" = { locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.services.vaultwarden.config.ROCKET_PORT}"; proxyPass = "http://127.0.0.1:${toString config.services.vaultwarden.config.ROCKET_PORT}";
}; };

15
hosts/Infini-DL360/web.nix
View file

@ -6,7 +6,12 @@
... ...
}: }:
let let
inherit (common.nginx) ssl ssl-optional; inherit (common.nginx)
ssl
ssl-optional
ssl-inx
ssl-inx-optional
;
tryFiles = "$uri $uri.html $uri/ =404"; tryFiles = "$uri $uri.html $uri/ =404";
websiteConfig = '' websiteConfig = ''
@ -56,12 +61,12 @@ in
websites websites
// redirects // redirects
// { // {
"j.inx.moe" = ssl-optional // { "j.inx.moe" = ssl-inx-optional // {
locations."/" = { locations."/" = {
return = "302 $jump_link"; return = "302 $jump_link";
}; };
}; };
"blahaj.inx.moe" = ssl-optional // { "blahaj.inx.moe" = ssl-inx-optional // {
locations."/" = { locations."/" = {
tryFiles = "/Blahaj.png =404"; tryFiles = "/Blahaj.png =404";
root = ./static; root = ./static;
@ -79,7 +84,7 @@ in
return = "301 https://www.ikea.com/us/en/p/blahaj-soft-toy-shark-90373590/"; return = "301 https://www.ikea.com/us/en/p/blahaj-soft-toy-shark-90373590/";
}; };
}; };
"files.inx.moe" = ssl // { "files.inx.moe" = ssl-inx // {
locations."/" = { locations."/" = {
root = "/srv/web/files.inx.moe"; root = "/srv/web/files.inx.moe";
extraConfig = '' extraConfig = ''
@ -90,7 +95,7 @@ in
root = "/srv/web/files.inx.moe"; root = "/srv/web/files.inx.moe";
}; };
}; };
"old.inx.moe" = ssl-optional // { "old.inx.moe" = ssl-inx-optional // {
locations."/" = { locations."/" = {
root = "/srv/web/inx.moe"; root = "/srv/web/inx.moe";
inherit tryFiles; inherit tryFiles;

18
modules/global/common.nix
View file

@ -6,17 +6,25 @@
domain = "inx.moe"; domain = "inx.moe";
subdomain = subdomain: "${subdomain}.${domain}"; subdomain = subdomain: "${subdomain}.${domain}";
nginx = rec { nginx = {
ssl-cert = { ssl-optional = {
enableACME = true; enableACME = true;
acmeRoot = null; acmeRoot = null;
};
ssl-optional = ssl-cert // {
addSSL = true; addSSL = true;
}; };
ssl = ssl-cert // { ssl = {
enableACME = true;
acmeRoot = null;
forceSSL = true; forceSSL = true;
}; };
ssl-inx = {
useACMEHost = domain;
forceSSL = true;
};
ssl-inx-optional = {
useACMEHost = domain;
addSSL = true;
};
}; };
rsyncnet = rec { rsyncnet = rec {