Merge pull request 'disable dhparams' (#45) from develop into master

Reviewed-on: #45
sid 2026-05-05 13:33:29 +02:00
commit 8d572c0f21
3 changed files with 5 additions and 43 deletions


@ -13,18 +13,6 @@ in
inputs.synix.nixosModules.nginx inputs.synix.nixosModules.nginx
]; ];
security.acme = {
certs."sid-internal" = {
domain = constants.services.vaultwarden.fqdn;
extraDomainNames = [
constants.services.netdata.fqdn
constants.services.webdav.fqdn
];
server = "https://${constants.ca-fqdn}:8443/acme/acme/directory";
group = "nginx";
};
};
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [
"d /var/www 0755 gitea-runner ${cfg.group} -" "d /var/www 0755 gitea-runner ${cfg.group} -"
]; ];
@ -35,8 +23,8 @@ in
services.nginx = { services.nginx = {
enable = true; enable = true;
openFirewall = true; openFirewall = false;
forceSSL = true; forceSSL = false;
virtualHosts = { virtualHosts = {
"${constants.services.docs.fqdn}" = { "${constants.services.docs.fqdn}" = {
@ -44,31 +32,6 @@ in
root = "/var/www/doc"; root = "/var/www/doc";
}; };
}; };
"${constants.services.netdata.fqdn}" = {
forceSSL = true;
useACMEHost = "sid-internal";
locations."/" = {
proxyPass = "http://127.0.0.1:${toString constants.services.netdata.port}";
proxyWebsockets = true;
};
};
"${constants.services.vaultwarden.fqdn}" = {
forceSSL = true;
useACMEHost = "sid-internal";
locations."/" = {
proxyPass = "http://127.0.0.1:${toString constants.services.vaultwarden.port}";
};
};
"${constants.services.webdav.fqdn}" = {
forceSSL = true;
useACMEHost = "sid-internal";
locations."/" = {
proxyPass = "http://127.0.0.1:${toString constants.services.webdav.port}";
proxyWebsockets = true;
};
};
}; };
}; };
} }
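Review bot: In the second hunk the pairs `openFirewall = true;` / `openFirewall = false;` and `forceSSL = true;` / `forceSSL = false;` read as both options being switched off while the `docs` virtual host is kept; the page has lost its +/- markers, so the direction is inferred from the column order and the 5/43 diffstat. If that reading is right, the docs host no longer gets an HTTP-to-HTTPS redirect, and, assuming `openFirewall` governs the web ports as its name suggests, nginx is reachable from outside only if another module opens them. Please state the intent next to the two options, e.g. `# docs only, plain HTTP, reachable via <how>; TLS vhosts now live on <host>`, or set `forceSSL = true;` on the docs vhost itself if it should stay HTTPS-only. The commit title says 'disable dhparams', but no dhparams setting appears in the visible hunks, and the `services.nginx` block starts and ends outside this hunk.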


@ -14,10 +14,10 @@
hosts { hosts {
${hosts.sid.ip} ${ca-fqdn} ${hosts.sid.ip} ${ca-fqdn}
${hosts.rx4.ip} ${services.netdata.fqdn}
${hosts.rx4.ip} ${services.vaultwarden.fqdn}
${hosts.rx4.ip} ${services.webdav.fqdn}
${hosts.rx4.ip} rx4.tail ${hosts.rx4.ip} rx4.tail
${hosts.sid.ip} ${services.netdata.fqdn}
${hosts.sid.ip} ${services.vaultwarden.fqdn}
${hosts.sid.ip} ${services.webdav.fqdn}
${hosts.sid.ip} sid.tail ${hosts.sid.ip} sid.tail
${hosts.vde.ip} vde.tail ${hosts.vde.ip} vde.tail
fallthrough fallthrough
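Review bot: The three `${hosts.sid.ip}` entries send the netdata, vaultwarden and webdav names to sid, but the matching virtual hosts and the `sid-internal` ACME certificate removed elsewhere in this commit are not added anywhere in the visible diff. Presumably sid's own configuration already defines them; that is worth confirming before deploy, because otherwise the vaultwarden name resolves to a host with no TLS vhost for it. As a style point, the new lines sit between `rx4.tail` and `sid.tail`; placing them directly under `${hosts.sid.ip} ${ca-fqdn}` would keep each host's names together. The `hosts` block closes outside the hunk.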


@ -26,7 +26,6 @@ in
key = config.sops.secrets."step-ca/intermediate-key".path; key = config.sops.secrets."step-ca/intermediate-key".path;
dnsNames = [ dnsNames = [
constants.ca-fqdn constants.ca-fqdn
constants.hosts.rx4.ip
constants.hosts.sid.ip constants.hosts.sid.ip
]; ];
logger = { logger = {