Commit f36f9588acc0

Vincent Demeester <vincent@sbr.pm>
2019-01-25 15:16:16
carthage/kerkouane: setup nginx + let's encrypt
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
1 parent 58104d5
Changed files (2)
machine/carthage.nix
@@ -18,7 +18,21 @@ with import ../assets/machines.nix; {
     syncthing.enable = true;
   };
   networking.firewall.allowPing = true;
+  networking.firewall.allowedTCPPorts = [ 80 443 ];
+  security = {
+    acme.certs = {
+      "sbr.pm".email = "vincent@sbr.pm";
+    };
+  };
   services = {
+    nginx = {
+      enable = true;
+      virtualHosts."sbr.pm" = {
+        enableACME = true;
+        forceSSL = true;
+        root = "/var/www/default";
+      };
+    };
     openssh.ports = [ ssh.carthage.port ];
     openssh.permitRootLogin = "without-password";
     syncthing-edge.guiAddress = "${wireguard.ips.carthage}:8384";
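Review bot: The new `nginx` block on carthage turns on `forceSSL` for `sbr.pm` but sets no TLS hardening. Now that ports 80 and 443 are open in the firewall, the vhost presumably runs with the module's default protocol and session settings. Adding `recommendedTlsSettings = true;` next to `enable = true;` would apply the NixOS module's recommended TLS configuration. Separately, `root = "/var/www/default";` points at a mutable directory that nothing in this hunk creates or owns, so what gets served depends on state outside the declarative config. A comment such as `# internet-facing webroot: must exist, be root-owned and not writable by the nginx user` would record that expectation. The `services` attribute set continues past the end of the hunk.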
machine/kerkouane.nix
@@ -7,15 +7,6 @@ with import ../assets/machines.nix; {
     cleanTmpDir = true;
     loader.grub.enable = true;
   };
-  locations."/public/default/index" =
-  let file = pkgs.writeText "index" "Welcome !";
-  in 
-  { alias = file;
-    extraConfig = ''
-      etag off;
-      add_header etag "\"${builtins.substring 11 32 file.outPath}\"";
-      '';
-  }
   profiles = {
     git.enable = true;
     nix-config.localCaches = [];
@@ -26,22 +17,9 @@ with import ../assets/machines.nix; {
   };
   networking.firewall.allowPing = true;
   services = {
-    nginx = {
-      enable = true;
-      virtualHosts."sbr.pm" = {
-        enableACME = true;
-        forceSSL = true;
-        root = "/public/default";
-      };
-    };
     openssh.ports = [ ssh.kerkouane.port ];
     openssh.permitRootLogin = "without-password";
   };
-  security = {
-    acme.certs = {
-      "sbr.pm".email = "vincent@sbr.pm";
-    };
-  };
   users.users.root.openssh.authorizedKeys.keys = [
     "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGR4dqXwHwPpYgyk6yl9+9LRL3qrBZp3ZWdyKaTiXp0p vincent@shikoku"
   ];