diff --git a/flake.nix b/flake.nix
index 3c4f75e..3f14ee6 100644
--- a/flake.nix
+++ b/flake.nix
@@ -77,10 +77,15 @@
 ./system/hardware/arielle.nix
 ./system
 ./system/web-server
+
+ #infrastructure
+ ./system/web-server/mail
 ./system/web-server/radicale.nix
 ./system/web-server/outline.nix
- ./system/web-server/jenkins.nix
- ./system/web-server/mail
+ ./system/web-server/forgejo.nix
+ # ./system/web-server/jenkins.nix
+
+ # web hosting
 ./system/web-server/oopsidentify.nix
 ./system/web-server/fundkorb-button.nix
 ./system/web-server/ksh-map.nix
diff --git a/system/web-server/forgejo.nix b/system/web-server/forgejo.nix
index 2a816d0..80bf6ef 100644
--- a/system/web-server/forgejo.nix
+++ b/system/web-server/forgejo.nix
@@ -10,18 +10,16 @@ in
 {
 security.acme.certs."${config.networking.domain}".extraDomainNames = [
- "outline.${config.networking.domain}"
+ "git.ktiu.net"
 ];
- services.nginx = {
- virtualHosts.${cfg.settings.server.DOMAIN} = {
- forceSSL = true;
- useACMEHost = config.networking.domain;
- locations."/".proxyPass = "http://localhost:${toString srv.HTTP_PORT}";
- extraConfig = ''
- client_max_body_size 512M;
- '';
- };
+ services.nginx.virtualHosts."${srv.DOMAIN}" = {
+ forceSSL = true;
+ useACMEHost = config.networking.domain;
+ locations."/".proxyPass = "http://localhost:${toString srv.HTTP_PORT}";
+ extraConfig = ''
+ client_max_body_size 512M;
+ '';
 };
 services.forgejo = {
@@ -37,11 +35,11 @@ in
 DOMAIN = "git.${config.networking.domain}";
 # You need to specify this to remove the port from URLs in the web UI.
 ROOT_URL = "https://${srv.DOMAIN}/";
- HTTP_PORT = 3000;
+ HTTP_PORT = 3080;
 };
 # You can temporarily allow registration to create an admin user.
- # service.DISABLE_REGISTRATION = true;
+ service.DISABLE_REGISTRATION = true;
 # Add support for actions, based on act: https://github.com/nektos/act
 actions = {
diff --git a/system/web-server/ksh-map.nix b/system/web-server/ksh-map.nix
index acbdef0..9372d63 100644
--- a/system/web-server/ksh-map.nix
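Review bot: The ACME name added in the first forgejo.nix hunk is the literal `"git.ktiu.net"`, while the nginx virtual host right below it is keyed on `srv.DOMAIN`, which the next hunk's context shows as `"git.${config.networking.domain}"`. If `networking.domain` is ever something other than `ktiu.net`, the certificate picked up through `useACMEHost` will not cover the host that `forceSSL` redirects to, and clients will get a name mismatch. Deriving the entry from the same value keeps the two in step: `extraDomainNames = [ srv.DOMAIN ];`. The `let` bindings are outside the hunk, so this assumes `srv` is in scope at that line as it is for the virtual host.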
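Review bot: The `server` settings in the second forgejo.nix hunk move `HTTP_PORT` to 3080 but the visible lines set no `HTTP_ADDR`, and Forgejo's default is to listen on all interfaces. Unless the address is pinned in the part of the block that lies outside this hunk, or the port is closed in the firewall, the plain-HTTP backend may be reachable directly, bypassing nginx's TLS termination and its `client_max_body_size` limit. Consider adding `HTTP_ADDR = "127.0.0.1";` next to `HTTP_PORT` and pointing `proxyPass` at the same address. The comment above `service.DISABLE_REGISTRATION = true;` still describes the temporary-open case; something like `# Registration is closed; set to false only while creating the first admin user.` would match the new state.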
+++ b/system/web-server/ksh-map.nix
@@ -4,7 +4,6 @@
 services.nginx.virtualHosts."karte.kein-schlussstrich-hessen.org" = {
 forceSSL = true;
 enableACME = true;
- onlySSL = true;
 root = "/var/www/ksh-map/dist";
 };
 }
diff --git a/system/web-server/mail/postfix.nix b/system/web-server/mail/postfix.nix
index ae3362f..b1c666a 100644
--- a/system/web-server/mail/postfix.nix
+++ b/system/web-server/mail/postfix.nix
@@ -51,8 +51,12 @@ in {
 "[::1]/128"
 ];
- sslKey = config.security.acme.certs."${config.networking.fqdn}-postfix".directory + "/key.pem";
- sslCert = config.security.acme.certs."${config.networking.fqdn}-postfix".directory + "/cert.pem";
+ settings.main.smtpd_tls_chain_files = [
+ "${config.security.acme.certs."${config.networking.fqdn}-postfix".directory + "/key.pem"}"
+ "${config.security.acme.certs."${config.networking.fqdn}-postfix".directory + "/cert.pem"}"
+ ];
+ # sslKey = config.security.acme.certs."${config.networking.fqdn}-postfix".directory + "/key.pem";
+ # sslCert = config.security.acme.certs."${config.networking.fqdn}-postfix".directory + "/cert.pem";
 enableSubmission = true;
 submissionOptions = {
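Review bot: `smtpd_tls_chain_files` in the postfix.nix hunk is given `key.pem` followed by `cert.pem`, and in a NixOS ACME certificate directory `cert.pem` normally holds only the leaf certificate. Postfix presents exactly what the chain files contain, so verifying peers may not receive the intermediate; the second entry would be safer as `.directory + "/fullchain.pem"`, keeping the key first as Postfix expects. The `"${ … }"` wrappers around the two path expressions are redundant, and the commented-out `sslKey`/`sslCert` lines can be dropped since version control already keeps them. The enclosing attribute set starts and ends outside the hunk.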