disable dhparams #45
3 changed files with 4 additions and 42 deletions
|
|
@ -13,18 +13,6 @@ in
|
||||||
inputs.synix.nixosModules.nginx
|
inputs.synix.nixosModules.nginx
|
||||||
];
|
];
|
||||||
|
|
||||||
security.acme = {
|
|
||||||
certs."sid-internal" = {
|
|
||||||
domain = constants.services.vaultwarden.fqdn;
|
|
||||||
extraDomainNames = [
|
|
||||||
constants.services.netdata.fqdn
|
|
||||||
constants.services.webdav.fqdn
|
|
||||||
];
|
|
||||||
server = "https://${constants.ca-fqdn}:8443/acme/acme/directory";
|
|
||||||
group = "nginx";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
systemd.tmpfiles.rules = [
|
systemd.tmpfiles.rules = [
|
||||||
"d /var/www 0755 gitea-runner ${cfg.group} -"
|
"d /var/www 0755 gitea-runner ${cfg.group} -"
|
||||||
];
|
];
|
||||||
|
|
@ -35,7 +23,7 @@ in
|
||||||
|
|
||||||
services.nginx = {
|
services.nginx = {
|
||||||
enable = true;
|
enable = true;
|
||||||
openFirewall = true;
|
openFirewall = false;
|
||||||
forceSSL = false;
|
forceSSL = false;
|
||||||
|
|
||||||
virtualHosts = {
|
virtualHosts = {
|
||||||
|
|
@ -44,31 +32,6 @@ in
|
||||||
root = "/var/www/doc";
|
root = "/var/www/doc";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
"${constants.services.netdata.fqdn}" = {
|
|
||||||
forceSSL = true;
|
|
||||||
useACMEHost = "sid-internal";
|
|
||||||
locations."/" = {
|
|
||||||
proxyPass = "http://127.0.0.1:${toString constants.services.netdata.port}";
|
|
||||||
proxyWebsockets = true;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
"${constants.services.vaultwarden.fqdn}" = {
|
|
||||||
forceSSL = true;
|
|
||||||
useACMEHost = "sid-internal";
|
|
||||||
locations."/" = {
|
|
||||||
proxyPass = "http://127.0.0.1:${toString constants.services.vaultwarden.port}";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
"${constants.services.webdav.fqdn}" = {
|
|
||||||
forceSSL = true;
|
|
||||||
useACMEHost = "sid-internal";
|
|
||||||
locations."/" = {
|
|
||||||
proxyPass = "http://127.0.0.1:${toString constants.services.webdav.port}";
|
|
||||||
proxyWebsockets = true;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
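Review bot: `openFirewall = false` is added without a comment, and together with the unchanged `forceSSL = false` it leaves the remaining `/var/www/doc` virtual host as plain HTTP behind what is presumably a closed firewall, so a reader cannot tell how that site is meant to be reached. A comment above the line would settle it, for example `# HTTP/HTTPS ports stay closed on purpose; the doc vhost is reached via <interface or proxy, confirm>`. The commit title mentions dhparams, which appears in none of the visible lines, so the firewall change and the removal of the `sid-internal` certificate are easy to miss in history. The enclosing module starts before the first hunk, so settings outside these lines could not be checked.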
|
||||||
|
|
|
||||||
|
|
@ -14,10 +14,10 @@
|
||||||
hosts {
|
hosts {
|
||||||
${hosts.sid.ip} ${ca-fqdn}
|
${hosts.sid.ip} ${ca-fqdn}
|
||||||
|
|
||||||
${hosts.rx4.ip} ${services.netdata.fqdn}
|
|
||||||
${hosts.rx4.ip} ${services.vaultwarden.fqdn}
|
|
||||||
${hosts.rx4.ip} ${services.webdav.fqdn}
|
|
||||||
${hosts.rx4.ip} rx4.tail
|
${hosts.rx4.ip} rx4.tail
|
||||||
|
${hosts.sid.ip} ${services.netdata.fqdn}
|
||||||
|
${hosts.sid.ip} ${services.vaultwarden.fqdn}
|
||||||
|
${hosts.sid.ip} ${services.webdav.fqdn}
|
||||||
${hosts.sid.ip} sid.tail
|
${hosts.sid.ip} sid.tail
|
||||||
${hosts.vde.ip} vde.tail
|
${hosts.vde.ip} vde.tail
|
||||||
fallthrough
|
fallthrough
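Review bot: The netdata, vaultwarden and webdav names now resolve to `${hosts.sid.ip}`, but none of the three files in this commit adds matching `virtualHosts` or the `sid-internal` certificate on sid, while the same commit removes them from what is presumably the rx4 nginx configuration. If sid does not already serve these names, clients would reach whichever default server answers on that address, or fail certificate validation, and the vaultwarden name is the one where that matters most. The removed proxies targeted `127.0.0.1`, so if the backends stay on rx4 the proxy on sid has to reach them over the network, and that hop should be confirmed as encrypted or confined to a private interface. A comment above the moved entries such as `# reverse-proxied by nginx on sid, see <module path>` would make the dependency visible.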
|
||||||
|
|
|
||||||
|
|
@ -26,7 +26,6 @@ in
|
||||||
key = config.sops.secrets."step-ca/intermediate-key".path;
|
key = config.sops.secrets."step-ca/intermediate-key".path;
|
||||||
dnsNames = [
|
dnsNames = [
|
||||||
constants.ca-fqdn
|
constants.ca-fqdn
|
||||||
constants.hosts.rx4.ip
|
|
||||||
constants.hosts.sid.ip
|
constants.hosts.sid.ip
|
||||||
];
|
];
|
||||||
logger = {
|
logger = {
|
||||||
|
|
|
||||||