diff --git a/hosts/sid/services/nginx.nix b/hosts/sid/services/nginx.nix
index 1b538ac..ca44b46 100644
--- a/hosts/sid/services/nginx.nix
+++ b/hosts/sid/services/nginx.nix
@@ -19,12 +19,12 @@ in
 enable = true;
 openFirewall = true;
 forceSSL = ssl;
- virtualHosts."_" = {
- forceSSL = false;
- locations."/.well-known/acme-challenge/" = {
- root = "/var/lib/acme/acme-challenge";
- };
- };
+ # virtualHosts."*" = {
+ # forceSSL = false;
+ # locations."/.well-known/acme-challenge/" = {
+ # root = "/var/lib/acme/acme-challenge";
+ # };
+ # };
 virtualHosts."${constants.services.docs.fqdn}" = mkVirtualHost {
 inherit ssl;
 address = constants.hosts.rx4.ip;
@@ -40,14 +40,10 @@ in
 address = constants.hosts.rx4.ip;
 port = constants.services.miniflux.port;
 };
- virtualHosts."${constants.services.netdata.fqdn}" = {
- useACMEHost = "sid-internal";
- forceSSL = ssl;
- locations."/" = {
- proxyPass = "http://${constants.hosts.rx4.ip}:${toString constants.services.netdata.port}";
- proxyWebsockets = true;
- };
- };
+ # virtualHosts."${constants.services.netdata.fqdn}" = mkVirtualHost {
+ # inherit ssl;
+ # port = constants.services.netdata.port;
+ # };
 virtualHosts."${constants.services.open-webui-oci.fqdn}" = mkVirtualHost {
 inherit ssl;
 address = constants.hosts.rx4.ip;
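Review bot: With the `virtualHosts."_"` block in the `@@ -19,12 +19,12 @@` hunk commented out, no vhost visible here is marked as the default, so nginx will answer requests whose Host header or SNI matches nothing with whichever server block it loads first, presumably one of the services proxied to rx4. Consider keeping an explicit catch-all that rejects instead, e.g. `virtualHosts."_" = { default = true; rejectSSL = true; locations."/".return = "444"; };`, assuming this wrapper passes vhost options through to `services.nginx`. The commented copy also renames the host to `"*"`, which is not the conventional catch-all name and may not be accepted as a server_name if the block is ever re-enabled. The enclosing attribute set starts and ends outside the hunk.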
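Review bot: The commented-out netdata stub in the `@@ -40,14 +40,10 @@` hunk calls `mkVirtualHost` without `address = constants.hosts.rx4.ip;`, unlike every other `mkVirtualHost` call visible in this diff and unlike the removed block, which proxied to rx4 with `proxyWebsockets = true`. If it is uncommented as written it would proxy to whatever default address `mkVirtualHost` uses (its definition is outside the hunk), which may expose a different listener than intended. Either add the address line to the stub now or delete the stub and restore the vhost from history when it is needed.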
@@ -65,23 +61,20 @@ in
 address = constants.hosts.rx4.ip;
 port = constants.services.rsshub-oci.port;
 };
- virtualHosts."${constants.services.vaultwarden.fqdn}" = {
- useACMEHost = "sid-internal";
- forceSSL = ssl;
- locations = {
- "/" = {
- proxyPass = "http://${constants.hosts.rx4.ip}:${toString constants.services.vaultwarden.port}";
- };
- };
- };
- virtualHosts."${constants.services.webdav.fqdn}" = {
- useACMEHost = "sid-internal";
- forceSSL = ssl;
- locations."/" = {
- proxyPass = "http://${constants.hosts.rx4.ip}:${toString constants.services.webdav.port}";
- proxyWebsockets = true;
- };
- };
+ # virtualHosts."${constants.services.vaultwarden.fqdn}" = {
+ # useACMEHost = "sid-internal";
+ # forceSSL = ssl;
+ # locations = {
+ # "/" = {
+ # proxyPass = "http://${constants.hosts.rx4.ip}:${toString constants.services.vaultwarden.port}";
+ # };
+ # };
+ # };
+ # virtualHosts."${constants.services.webdav.fqdn}" = mkVirtualHost {
+ # inherit ssl;
+ # address = constants.hosts.rx4.ip;
+ # port = constants.services.webdav.port;
+ # };
 # FIXME
 # virtualHosts."print.sid.ovh" = {
 # enableACME = true;
diff --git a/hosts/sid/services/step-ca.nix b/hosts/sid/services/step-ca.nix
index d3abb11..1f3ec53 100644
--- a/hosts/sid/services/step-ca.nix
+++ b/hosts/sid/services/step-ca.nix
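Review bot: In the nginx.nix hunk at `@@ -65,23 +61,20 @@`, the commented-out vaultwarden vhost still says `useACMEHost = "sid-internal"`, but this same commit comments out `certs."sid-internal"` in step-ca.nix, so un-commenting the vhost alone would reference a certificate that is no longer defined. Since this block fronts a password vault, a half-restored config is worth avoiding. Delete the dead block (git history keeps it) or leave a one-line marker such as `# disabled: needs security.acme.certs."sid-internal" (step-ca.nix)`. The commented webdav stub raises the same question of what certificate `mkVirtualHost` would use; its definition is outside the hunk.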
@@ -75,19 +75,18 @@ in
 "d /var/lib/acme/acme-challenge 0755 acme nginx" ];
- security.acme = {
- certs."sid-internal" = {
- # domain = constants.intranet;
- domain = constants.services.vaultwarden.fqdn;
- extraDomainNames = [
- constants.services.netdata.fqdn
- # constants.services.vaultwarden.fqdn
- constants.services.webdav.fqdn
- ];
- server = "https://${constants.ca-fqdn}:${toString cfg.port}/acme/acme/directory";
- group = "nginx";
- };
- };
+ # security.acme = {
+ # certs."sid-internal" = {
+ # domain = constants.services.vaultwarden.fqdn;
+ # # extraDomainNames = [
+ # # constants.services.netdata.fqdn
+ # # constants.services.vaultwarden.fqdn
+ # # constants.services.webdav.fqdn
+ # # ];
+ # server = "https://${constants.ca-fqdn}:${toString cfg.port}/acme/acme/directory";
+ # group = "nginx";
+ # };
+ # };
 sops = let
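Review bot: Disabling `security.acme.certs."sid-internal"` leaves what looks like the tmpfiles rule `"d /var/lib/acme/acme-challenge 0755 acme nginx"` in the context lines above it with no consumer in the visible diff, since the nginx ACME-challenge location is commented out in the same commit. Either drop that rule together with the cert or add a comment saying why the directory is kept. The commented block also gives no reason for the disablement; a line such as `# disabled until <reason or issue reference>` would tell the next reader whether TLS for vaultwarden, netdata and webdav is expected to come back through this CA. The enclosing list and module body lie outside the hunk.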