sid/sid.ovh
1
0
Fork 0
Code Issues 3 Pull requests 2 Projects Releases Packages Wiki Activity Actions

remove tailnet ssl
All checks were successful
Build hosts / build-hosts (pull_request) Successful in 16s
Details
Flake check / flake-check (pull_request) Successful in 19s
Details

Browse source
This commit is contained in:
sid 2026-04-03 14:39:57 +02:00
parent b971881b2a
commit c6c4d905ac
1 changed files with 0 additions and 24 deletions
Download patch file Download diff file Expand all files Collapse all files

24
hosts/sid/services/nginx.nix
View file

@ -1,6 +1,5 @@
{ {
inputs, inputs,
config,
constants, constants,
lib, lib,
... ...
@ -16,33 +15,10 @@ in
inputs.synix.nixosModules.nginx inputs.synix.nixosModules.nginx
]; ];
users.users.nginx.extraGroups = [ "tailscale" ];
systemd.services.nginx.serviceConfig = {
SupplementaryGroups = [ "tailscale" ];
Requires = [ "tailscaled.service" ];
After = [ "tailscaled.service" ];
};
systemd.services."generate-tailscale-certs-${constants.hosts.sid.domain}" = {
wantedBy = [ "multi-user.target" ];
before = [ "nginx.service" ];
after = [ "tailscaled.service" ];
serviceConfig = {
Type = "oneshot";
ExecStart = "${config.services.tailscale.package}/bin/tailscale cert ${constants.hosts.sid.domain}";
User = "root";
};
};
services.nginx = { services.nginx = {
enable = true; enable = true;
openFirewall = true; openFirewall = true;
forceSSL = ssl; forceSSL = ssl;
virtualHosts."${constants.hosts.sid.domain}" = {
sslCertificate = "/var/lib/tailscale/certs/${constants.hosts.sid.domain}.crt";
sslCertificateKey = "/var/lib/tailscale/certs/${constants.hosts.sid.domain}.key";
forceSSL = true;
};
virtualHosts."${constants.services.docs.fqdn}" = mkVirtualHost { virtualHosts."${constants.services.docs.fqdn}" = mkVirtualHost {
inherit ssl; inherit ssl;
address = constants.hosts.rx4.ip; address = constants.hosts.rx4.ip;