sprechtl/dotfiles
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat: ssl certs

Browse source
This commit is contained in:
s-prechtl 2025-07-14 18:44:06 +02:00
parent 91b76ba49c
commit 6d8ce8772b
1 changed files with 4 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

6
hosts/hitsugibune/matrix.nix
View file

@ -42,16 +42,18 @@ in {
}; };
networking.firewall.allowedTCPPorts = [ 80 443 ]; networking.firewall.allowedTCPPorts = [ 80 443 ];
services.nginx.virtualHosts.${config.services.coturn.realm} = { services.nginx.virtualHosts.${turn.realm} = {
addSSL = true; addSSL = true;
enableACME = false; # well do ACME ourselves enableACME = false; # well do ACME ourselves
forceSSL = false; forceSSL = false;
sslCertificate = "${config.security.acme.certs.${turn.realm}.directory}/full.pem";
sslCertificateKey = "${config.security.acme.certs.${turn.realm}.directory}/key.pem";
locations."/.well-known/acme-challenge/" = { locations."/.well-known/acme-challenge/" = {
root = "/var/lib/acme/acme-challenges"; root = "/var/lib/acme/acme-challenges";
}; };
}; };
security.acme.certs.${config.services.coturn.realm} = { security.acme.certs.${turn.realm} = {
email = "stefan@tague.at"; email = "stefan@tague.at";
webroot = "/var/lib/acme/acme-challenges"; webroot = "/var/lib/acme/acme-challenges";
postRun = "systemctl restart coturn.service"; postRun = "systemctl restart coturn.service";