ktiu/omniflake
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

forgejo cert todo

Browse source
This commit is contained in:
Till 2025-12-15 17:53:02 +01:00
parent d3cb19d6f1
commit 842e05de0d
4 changed files with 23 additions and 17 deletions
Download patch file Download diff file Expand all files Collapse all files

9
flake.nix
View file

@ -77,10 +77,15 @@
./system/hardware/arielle.nix
./system
./system/web-server
#infrastructure
./system/web-server/mail
./system/web-server/radicale.nix
./system/web-server/outline.nix
./system/web-server/jenkins.nix
./system/web-server/mail
./system/web-server/forgejo.nix
# ./system/web-server/jenkins.nix
# web hosting
./system/web-server/oopsidentify.nix
./system/web-server/fundkorb-button.nix
./system/web-server/ksh-map.nix

10
system/web-server/forgejo.nix
View file

@ -10,11 +10,10 @@ in
{
security.acme.certs."${config.networking.domain}".extraDomainNames = [
"outline.${config.networking.domain}"
"git.ktiu.net"
];
services.nginx = {
virtualHosts.${cfg.settings.server.DOMAIN} = {
services.nginx.virtualHosts."${srv.DOMAIN}" = {
forceSSL = true;
useACMEHost = config.networking.domain;
locations."/".proxyPass = "http://localhost:${toString srv.HTTP_PORT}";
@ -22,7 +21,6 @@ in
client_max_body_size 512M;
'';
};
};
services.forgejo = {
@ -37,11 +35,11 @@ in
DOMAIN = "git.${config.networking.domain}";
# You need to specify this to remove the port from URLs in the web UI.
ROOT_URL = "https://${srv.DOMAIN}/";
HTTP_PORT = 3000;
HTTP_PORT = 3080;
};
# You can temporarily allow registration to create an admin user.
# service.DISABLE_REGISTRATION = true;
service.DISABLE_REGISTRATION = true;
# Add support for actions, based on act: https://github.com/nektos/act
actions = {

1
system/web-server/ksh-map.nix
View file

@ -4,7 +4,6 @@
services.nginx.virtualHosts."karte.kein-schlussstrich-hessen.org" = {
forceSSL = true;
enableACME = true;
onlySSL = true;
root = "/var/www/ksh-map/dist";
};
}

8
system/web-server/mail/postfix.nix
View file

@ -51,8 +51,12 @@ in {
"[::1]/128"
];
sslKey = config.security.acme.certs."${config.networking.fqdn}-postfix".directory + "/key.pem";
sslCert = config.security.acme.certs."${config.networking.fqdn}-postfix".directory + "/cert.pem";
settings.main.smtpd_tls_chain_files = [
"${config.security.acme.certs."${config.networking.fqdn}-postfix".directory + "/key.pem"}"
"${config.security.acme.certs."${config.networking.fqdn}-postfix".directory + "/cert.pem"}"
];
# sslKey = config.security.acme.certs."${config.networking.fqdn}-postfix".directory + "/key.pem";
# sslCert = config.security.acme.certs."${config.networking.fqdn}-postfix".directory + "/cert.pem";
enableSubmission = true;
submissionOptions = {