Diffstat (limited to 'modules')
| -rw-r--r-- | modules/nixos/server/nextcloud/default.nix | 6 | ||||
| -rw-r--r-- | modules/nixos/server/nginx/default.nix | 17 | ||||
| -rw-r--r-- | modules/nixos/server/site/default.nix | 4 | ||||
| -rw-r--r-- | modules/secrets/default.nix | 8 |
4 files changed, 13 insertions, 22 deletions
diff --git a/modules/nixos/server/nextcloud/default.nix b/modules/nixos/server/nextcloud/default.nix
index 3fba5c8..695850d 100644
--- a/modules/nixos/server/nextcloud/default.nix
+++ b/modules/nixos/server/nextcloud/default.nix
@@ -56,11 +56,11 @@ in
 phpOptions."opcache.interned_strings_buffer" = "64";
 };
- services.nginx.virtualHosts = mkIf ((config.nx.server.nginx or { }).enable or false) {
+ services.nginx.virtualHosts = {
 "cloud.schererleander.de" = {
 forceSSL = true;
- sslCertificate = config.nx.server.nginx.sslCertificate;
- sslCertificateKey = config.nx.server.nginx.sslCertificateKey;
+ sslCertificate = config.sops.secrets."cert_fullchain".path;
+ sslCertificateKey = config.sops.secrets."cert_private".path;
 };
 };
diff --git a/modules/nixos/server/nginx/default.nix b/modules/nixos/server/nginx/default.nix
index cf97109..d960d33 100644
--- a/modules/nixos/server/nginx/default.nix
+++ b/modules/nixos/server/nginx/default.nix
@@ -6,8 +6,6 @@
 let
 inherit (lib)
 mkEnableOption
- mkOption
- types
 mkIf
 ;
 cfg = config.nx.server.nginx;
@@ -17,21 +15,6 @@ in
 enable = mkEnableOption "nginx reverse proxy" // {
 default = true;
 };
- hostName = mkOption {
- description = "url of server";
- type = types.str;
- default = "schererleander.de";
- };
- sslCertificate = mkOption {
- description = "ssl certificate to use";
- type = types.nullOr types.str;
- default = "/etc/ssl/${cfg.hostName}/fullchain.pem";
- };
- sslCertificateKey = mkOption {
- description = "ssl certificate key to use";
- type = types.nullOr types.str;
- default = "/etc/ssl/${cfg.hostName}/privkey.key";
- };
 };
 config = mkIf cfg.enable {
 services.nginx = {
diff --git a/modules/nixos/server/site/default.nix b/modules/nixos/server/site/default.nix
index be603c6..c1d472b 100644
--- a/modules/nixos/server/site/default.nix
+++ b/modules/nixos/server/site/default.nix
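Review bot: In modules/nixos/server/nextcloud/default.nix the vhost for `cloud.schererleander.de` now reads `config.sops.secrets."cert_fullchain".path` unconditionally, so the module would stop evaluating on any host that does not also load the secrets module declaring `cert_fullchain` and `cert_private`; with the `mkIf` guard removed there is no switch left to turn that dependency off. The same certificate pair is reused for `schererleander.de` in the site module hunk, so the certificate behind `cert_fullchain` presumably has to list both names or be a wildcard, which nothing on the new side states. A comment above `sslCertificate` would record both assumptions: `# shared cert from modules/secrets; must cover schererleander.de and cloud.schererleander.de`. The enclosing attribute set begins and ends outside the hunk.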
@@ -21,8 +21,8 @@ in
 services.site = {
 enable = true;
 domain = "schererleander.de";
- sslCertificate = "/etc/ssl/schererleander.de/fullchain.pem";
- sslCertificateKey = "/etc/ssl/schererleander.de/privkey.key";
+ sslCertificate = config.sops.secrets."cert_fullchain".path;
+ sslCertificateKey = config.sops.secrets."cert_private".path;
 };
 };
 }
diff --git a/modules/secrets/default.nix b/modules/secrets/default.nix
index 03d1bc6..682596b 100644
--- a/modules/secrets/default.nix
+++ b/modules/secrets/default.nix
@@ -29,6 +29,14 @@
 owner = "root";
 mode = "0600";
 };
+ "cert_fullchain" = {
+ owner = "nginx";
+ group = "nginx";
+ };
+ "cert_private" = {
+ owner = "nginx";
+ group = "nginx";
+ };
 };
 };
 } |
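Review bot: In modules/secrets/default.nix `cert_private` is declared without a `mode`, while the secret just above it in the same hunk pins `mode = "0600"`; the TLS private key then gets whatever sops-nix defaults to (0400, as far as I know), and writing `mode = "0400";` on the entry keeps the key's permissions from depending on a default. Both entries hard-code `owner = "nginx"`, which assumes that user exists on every host loading this module; `owner = config.services.nginx.user;` would follow the service instead, provided `config` is in scope here (the module header is outside the hunk). Nothing on the new side reloads nginx when the decrypted files change, so a rotated certificate would not be served until the next restart; `restartUnits = [ "nginx.service" ];` on both entries covers that.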
