refactored system

2026-01-22 00:13:33 +01:00 · 2026-01-22 00:13:33 +01:00 · 386d889455
commit 386d889455
parent 6a62e2f23f
55 changed files with 336 additions and 580 deletions
--- a/system/web-server/letsencrypt.nix
+++ b/system/web-server/letsencrypt.nix
@ -0,0 +1,29 @@
+{ config, ... }:
+
+{
+  security.acme = {
+    acceptTerms = true;
+    defaults.email = "till@ktiu.net";
+    certs."${config.networking.domain}" = {
+      domain = config.networking.domain;
+      webroot = "/var/lib/acme/.challenges";
+      group = config.services.nginx.group;
+      extraDomainNames = [ config.networking.fqdn ];
+    };
+  };
+
+  services.nginx.virtualHosts = {
+    "${config.networking.fqdn}-80" = {
+      serverAliases = [
+        "*.ktiu.net"
+        "*.t9e.me"
+      ];
+      locations."/.well-known/acme-challenge" = {
+        root = "/var/lib/acme/.challenges";
+      };
+      locations."/" = {
+        return = "301 https://$host$request_uri";
+      };
+    };
+  };
+}