From 84ada43b1f5af0c9fbded94c82df117301f2dee2 Mon Sep 17 00:00:00 2001
From: sid
Date: Sun, 19 Apr 2026 03:12:44 +0200
Subject: [PATCH 1/5] use acme host sid-internal for vaultwarden
---
 hosts/sid/services/nginx.nix | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/hosts/sid/services/nginx.nix b/hosts/sid/services/nginx.nix
index afbc5e0..a1ec0ce 100644
--- a/hosts/sid/services/nginx.nix
+++ b/hosts/sid/services/nginx.nix
@@ -55,10 +55,13 @@ in
 address = constants.hosts.rx4.ip;
 port = constants.services.rsshub-oci.port;
 };
- virtualHosts."${constants.services.vaultwarden.fqdn}" = mkVirtualHost {
- inherit ssl;
- address = constants.hosts.rx4.ip;
- port = constants.services.vaultwarden.port;
+ virtualHosts."${constants.services.vaultwarden.fqdn}" = {
+ enableACME = ssl;
+ forceSSL = ssl;
+ useACMEHost = "sid-internal";
+ locations."/" = {
+ proxyPass = "http://${constants.hosts.rx4.ip}:${constants.services.vaultwarden.port}";
+ };
 };
 virtualHosts."${constants.services.webdav.fqdn}" = mkVirtualHost {
 inherit ssl;
From d7e5bca275f5fb6d9f1f5f442ebd2345f1bcb7f5 Mon Sep 17 00:00:00 2001
From: sid
Date: Sun, 19 Apr 2026 03:16:04 +0200
Subject: [PATCH 2/5] toString
---
 hosts/sid/services/nginx.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hosts/sid/services/nginx.nix b/hosts/sid/services/nginx.nix
index a1ec0ce..eb0b3d5 100644
--- a/hosts/sid/services/nginx.nix
+++ b/hosts/sid/services/nginx.nix
@@ -60,7 +60,7 @@ in
 forceSSL = ssl;
 useACMEHost = "sid-internal";
 locations."/" = {
- proxyPass = "http://${constants.hosts.rx4.ip}:${constants.services.vaultwarden.port}";
+ proxyPass = "http://${constants.hosts.rx4.ip}:${toString constants.services.vaultwarden.port}";
 };
 };
 virtualHosts."${constants.services.webdav.fqdn}" = mkVirtualHost {
From 6d39d2a33921c766d8c397ed379440db5ba4fecf Mon Sep 17 00:00:00 2001
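Review bot: In PATCH 1/5 the Vaultwarden vhost stops going through `mkVirtualHost`, so anything that helper configures besides the certificate and the upstream address no longer applies to this host; the helper's definition is outside the hunk, so this is inferred. If it sets proxy headers, websocket upgrade or access restrictions, restate them here explicitly, for example `proxyWebsockets = true;` inside `locations."/"`. The `proxyPass` target is plain `http://` to `constants.hosts.rx4.ip`; if rx4 is a separate machine, that hop carries Vaultwarden session traffic unencrypted, and a comment should say what protects that network path. A short comment above the attribute set, e.g. `# uses the step-ca wildcard cert "sid-internal" instead of the mkVirtualHost defaults`, would explain why this host differs from its neighbours.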
From: sid
Date: Sun, 19 Apr 2026 03:18:39 +0200
Subject: [PATCH 3/5] remove enableACME
---
 hosts/sid/services/nginx.nix | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/hosts/sid/services/nginx.nix b/hosts/sid/services/nginx.nix
index eb0b3d5..57166b0 100644
--- a/hosts/sid/services/nginx.nix
+++ b/hosts/sid/services/nginx.nix
@@ -56,9 +56,8 @@ in
 port = constants.services.rsshub-oci.port;
 };
 virtualHosts."${constants.services.vaultwarden.fqdn}" = {
- enableACME = ssl;
- forceSSL = ssl;
 useACMEHost = "sid-internal";
+ forceSSL = ssl;
 locations."/" = {
 proxyPass = "http://${constants.hosts.rx4.ip}:${toString constants.services.vaultwarden.port}";
 };
From 2f28178cb3fcb770592a2739afa43f8994ec7f4d Mon Sep 17 00:00:00 2001
From: sid
Date: Sun, 19 Apr 2026 03:20:25 +0200
Subject: [PATCH 4/5] fix acme perms
---
 hosts/sid/services/step-ca.nix | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/hosts/sid/services/step-ca.nix b/hosts/sid/services/step-ca.nix
index 20fcae3..9ec74de 100644
--- a/hosts/sid/services/step-ca.nix
+++ b/hosts/sid/services/step-ca.nix
@@ -75,6 +75,8 @@ in
 certs."sid-internal" = {
 domain = "*.${constants.intranet}";
 server = "https://${constants.ca-fqdn}:${toString cfg.port}/acme/acme/directory";
+ group = "nginx";
+ mode = "0640";
 };
 };
From b2c1a0fc58fcc45ae5ef8e17d5a10d8a13567a0e Mon Sep 17 00:00:00 2001
From: sid
Date: Sun, 19 Apr 2026 03:22:23 +0200
Subject: [PATCH 5/5] security.acme.certs..mode does not exist
---
 hosts/sid/services/step-ca.nix | 1 -
 1 file changed, 1 deletion(-)
diff --git a/hosts/sid/services/step-ca.nix b/hosts/sid/services/step-ca.nix
index 9ec74de..8ce01bd 100644
--- a/hosts/sid/services/step-ca.nix
+++ b/hosts/sid/services/step-ca.nix
@@ -76,7 +76,6 @@ in
 domain = "*.${constants.intranet}";
 server = "https://${constants.ca-fqdn}:${toString cfg.port}/acme/acme/directory";
 group = "nginx";
- mode = "0640";
 };
 };
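Review bot: In PATCH 3/5 `forceSSL = ssl;` still makes the HTTPS redirect depend on the `ssl` flag even though the certificate is now pinned with `useACMEHost`. `ssl` is defined outside the hunk; if it can evaluate to false, the password manager would presumably be served over plain HTTP on this vhost. Since the host no longer shares the helper's TLS switch, consider `forceSSL = true;` here so TLS is not optional for Vaultwarden.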
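Review bot: In PATCH 4/5 `group = "nginx";` hard-codes the group name and gives every process in that group read access to the private key of the wildcard certificate `*.${constants.intranet}`. If `config` is in scope in this module (not visible in the hunk), `group = config.services.nginx.group;` keeps the value in step with the nginx service. A comment such as `# readable by nginx for useACMEHost = "sid-internal"; this key is valid for every intranet name` would record why the group is widened and what a compromise of that group exposes.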