Infini-OPTIPLEX: refactor nginx config and use acme certs

2024-04-26 02:43:52 -04:00 · 2024-04-26 02:43:52 -04:00 · d784d4eee4
commit d784d4eee4
parent 12bb7ac8db
8 changed files with 83 additions and 31 deletions
--- a/hosts/Infini-OPTIPLEX/default.nix
+++ b/hosts/Infini-OPTIPLEX/default.nix
@ -8,6 +8,7 @@
    ./thelounge.nix
    ./vaultwarden.nix
    ./jellyfin.nix
+    ./web.nix
  ];

  system.stateVersion = "23.05";
@ -59,30 +60,17 @@

  services.fail2ban.enable = true;

-  services.nginx = {
-    enable = true;
+  services.nginx.enable = true;

-    virtualHosts =
-      let
-        cfg = config.services.nginx;
-        inherit (config.common.nginx) ssl ssl-optional;
-      in
-      {
-        "*.inx.moe" = ssl // {
-          globalRedirect = "inx.moe";
-        };
-        "blahaj.inx.moe" = ssl-optional // {
-          locations."/" = {
-            tryFiles = "/Blahaj.png =404";
-            root = ./static;
-          };
-        };
-        "nitter.inx.moe" = ssl // {
-          globalRedirect = "twitter.com";
-        };
-        "ponder.inx.moe" = ssl // {
-          locations."/".root = pkgs.ponder;
-        };
-      };
+  security.acme.certs."inx.moe" = {
+    group = "nginx";
+    extraDomainNames = [ "*.inx.moe" ];
+  };
+
+  services.nginx.virtualHosts."*.inx.moe" = {
+    useACMEHost = "inx.moe";
+    addSSL = true;
+    default = true;
+    globalRedirect = "inx.moe";
  };
 }
--- a/hosts/Infini-OPTIPLEX/web.nix
+++ b/hosts/Infini-OPTIPLEX/web.nix
@ -0,0 +1,21 @@
+{ config, pkgs, ... }:
+let
+  inherit (config.common.nginx) ssl ssl-optional;
+in
+{
+  services.nginx.virtualHosts = {
+    "blahaj.inx.moe" = ssl-optional // {
+      locations."/" = {
+        tryFiles = "/Blahaj.png =404";
+        root = ./static;
+      };
+    };
+
+    "ponder.inx.moe" = ssl // {
+      locations."/".root = pkgs.ponder;
+    };
+    "nitter.inx.moe" = ssl // {
+      globalRedirect = "twitter.com";
+    };
+  };
+}