29 lines
687 B
Nix
29 lines
687 B
Nix
{ config, ... }:
|
|
|
|
{
|
|
security.acme = {
|
|
acceptTerms = true;
|
|
defaults.email = "till@ktiu.net";
|
|
certs."${config.networking.domain}" = {
|
|
domain = config.networking.domain;
|
|
webroot = "/var/lib/acme/.challenges";
|
|
group = config.services.nginx.group;
|
|
extraDomainNames = [ config.networking.fqdn ];
|
|
};
|
|
};
|
|
|
|
services.nginx.virtualHosts = {
|
|
"${config.networking.fqdn}-80" = {
|
|
serverAliases = [
|
|
"*.ktiu.net"
|
|
"*.t9e.me"
|
|
];
|
|
locations."/.well-known/acme-challenge" = {
|
|
root = "/var/lib/acme/.challenges";
|
|
};
|
|
locations."/" = {
|
|
return = "301 https://$host$request_uri";
|
|
};
|
|
};
|
|
};
|
|
}
|