diff --git a/hosts/sid/services/nginx.nix b/hosts/sid/services/nginx.nix
index ca44b46..1b538ac 100644
--- a/hosts/sid/services/nginx.nix
+++ b/hosts/sid/services/nginx.nix
@@ -19,12 +19,12 @@ in
 enable = true;
 openFirewall = true;
 forceSSL = ssl;
- # virtualHosts."*" = {
- # forceSSL = false;
- # locations."/.well-known/acme-challenge/" = {
- # root = "/var/lib/acme/acme-challenge";
- # };
- # };
+ virtualHosts."_" = {
+ forceSSL = false;
+ locations."/.well-known/acme-challenge/" = {
+ root = "/var/lib/acme/acme-challenge";
+ };
+ };
 virtualHosts."${constants.services.docs.fqdn}" = mkVirtualHost {
 inherit ssl;
 address = constants.hosts.rx4.ip;
@@ -40,10 +40,14 @@ in
 address = constants.hosts.rx4.ip;
 port = constants.services.miniflux.port;
 };
- # virtualHosts."${constants.services.netdata.fqdn}" = mkVirtualHost {
- # inherit ssl;
- # port = constants.services.netdata.port;
- # };
+ virtualHosts."${constants.services.netdata.fqdn}" = {
+ useACMEHost = "sid-internal";
+ forceSSL = ssl;
+ locations."/" = {
+ proxyPass = "http://${constants.hosts.rx4.ip}:${toString constants.services.netdata.port}";
+ proxyWebsockets = true;
+ };
+ };
 virtualHosts."${constants.services.open-webui-oci.fqdn}" = mkVirtualHost {
 inherit ssl;
 address = constants.hosts.rx4.ip;
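Review bot: The new `virtualHosts."_"` block in the first hunk is not marked `default = true;`, so which server answers a request with an unmatched Host header is left to nginx's implicit ordering rather than decided here. With `openFirewall = true` just above, that request could land on one of the proxied vhosts instead of this one. Setting `default = true;` and adding `locations."/".return = "444";` (or 404) would make it an explicit catch-all that serves nothing but the challenge path over plain HTTP. A one-line comment that the host exists only for HTTP-01 validation would also help; the enclosing nginx attribute set starts above the hunk.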
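Review bot: The re-enabled netdata vhost in the second hunk proxies `/` to the dashboard with no access restriction visible in the block, on an nginx service that sets `openFirewall = true`. Netdata's dashboard shows host and process detail and is commonly run without authentication of its own, so if this name is reachable from outside the intranet, add `basicAuthFile` or an `allow`/`deny` list in `extraConfig` on the location. The block also hand-writes what `mkVirtualHost` did in the commented-out version; the helper is defined outside the hunk, so if it simply cannot pass `useACMEHost`, a short comment saying so would explain why this vhost differs from its neighbours.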
@@ -61,20 +65,23 @@ in
 address = constants.hosts.rx4.ip;
 port = constants.services.rsshub-oci.port;
 };
- # virtualHosts."${constants.services.vaultwarden.fqdn}" = {
- # useACMEHost = "sid-internal";
- # forceSSL = ssl;
- # locations = {
- # "/" = {
- # proxyPass = "http://${constants.hosts.rx4.ip}:${toString constants.services.vaultwarden.port}";
- # };
- # };
- # };
- # virtualHosts."${constants.services.webdav.fqdn}" = mkVirtualHost {
- # inherit ssl;
- # address = constants.hosts.rx4.ip;
- # port = constants.services.webdav.port;
- # };
+ virtualHosts."${constants.services.vaultwarden.fqdn}" = {
+ useACMEHost = "sid-internal";
+ forceSSL = ssl;
+ locations = {
+ "/" = {
+ proxyPass = "http://${constants.hosts.rx4.ip}:${toString constants.services.vaultwarden.port}";
+ };
+ };
+ };
+ virtualHosts."${constants.services.webdav.fqdn}" = {
+ useACMEHost = "sid-internal";
+ forceSSL = ssl;
+ locations."/" = {
+ proxyPass = "http://${constants.hosts.rx4.ip}:${toString constants.services.webdav.port}";
+ proxyWebsockets = true;
+ };
+ };
 # FIXME
 # virtualHosts."print.sid.ovh" = {
 # enableACME = true;
diff --git a/hosts/sid/services/step-ca.nix b/hosts/sid/services/step-ca.nix
index 1f3ec53..d3abb11 100644
--- a/hosts/sid/services/step-ca.nix
+++ b/hosts/sid/services/step-ca.nix
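Review bot: Both vhosts enabled in the third nginx.nix hunk forward to `http://${constants.hosts.rx4.ip}:…`, so vaultwarden sessions and WebDAV credentials travel from sid to rx4 unencrypted once TLS terminates at nginx. Whether that hop runs over a tunnel or a trusted segment is not visible in this diff. If it does not, restrict the rx4 listeners to accept connections only from sid, or move the upstream to TLS. Separately, vaultwarden is the only one of the three hand-written vhosts without `proxyWebsockets = true;`; if that is deliberate, a comment would stop it being "fixed" later.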
@@ -75,18 +75,19 @@ in "d /var/lib/acme/acme-challenge 0755 acme nginx" ]; - # security.acme = { - # certs."sid-internal" = { - # domain = constants.services.vaultwarden.fqdn; - # # extraDomainNames = [ - # # constants.services.netdata.fqdn - # # constants.services.vaultwarden.fqdn - # # constants.services.webdav.fqdn - # # ]; - # server = "https://${constants.ca-fqdn}:${toString cfg.port}/acme/acme/directory"; - # group = "nginx"; - # }; - # }; + security.acme = { + certs."sid-internal" = { + # domain = constants.intranet; + domain = constants.services.vaultwarden.fqdn; + extraDomainNames = [ + constants.services.netdata.fqdn + # constants.services.vaultwarden.fqdn + constants.services.webdav.fqdn + ]; + server = "https://${constants.ca-fqdn}:${toString cfg.port}/acme/acme/directory"; + group = "nginx"; + }; + }; sops = let
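Review bot: The `sid-internal` certificate block shows no challenge method (`webroot`, `dnsProvider` or `listenHTTP`), even though the tmpfiles rule above it and the nginx catch-all both point at `/var/lib/acme/acme-challenge`. If `security.acme.defaults` outside this hunk does not already supply it, add `webroot = "/var/lib/acme/acme-challenge";` so that issuance against the internal CA does not rely on an implicit setting. One key, readable by the `nginx` group, now covers vaultwarden, netdata and webdav; that is reasonable for a single reverse proxy but worth a comment. The leftover `# domain = constants.intranet;` and `# constants.services.vaultwarden.fqdn` lines should be dropped or explained.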