Infinidoge/universe
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Infini-OPTIPLEX: refactor nginx config and use acme certs

Browse source
This commit is contained in:
Infinidoge 2024-04-26 02:43:52 -04:00
parent 12bb7ac8db
commit d784d4eee4
Signed by: Infinidoge
SSH key fingerprint: SHA256:VEv3zmkBzcYYle6/37h+BbOyNDbGy/o8SHh7fcs9RbQ
8 changed files with 83 additions and 31 deletions
Download patch file Download diff file Expand all files Collapse all files

10
modules/global/security.nix
View file

@ -8,7 +8,11 @@ with lib;
'';
acme = {
acceptTerms = true;
defaults.email = "infinidoge@inx.moe";
defaults = {
email = "infinidoge@inx.moe";
dnsProvider = "cloudflare";
environmentFile = config.secrets.cloudflare;
};
};
pam.sshAgentAuth = {
@ -87,8 +91,8 @@ with lib;
common = {
nginx = rec {
ssl-cert = {
sslCertificate = config.secrets."inx.moe.pem";
sslCertificateKey = config.secrets."inx.moe.key";
enableACME = true;
acmeRoot = null;
};
ssl-optional = ssl-cert // {
addSSL = true;