From a277e8f3edc9dbbe3cba5280872cc9a45a3bd7fc Mon Sep 17 00:00:00 2001 From: Martin Berg Alstad Date: Sun, 8 Jun 2025 21:32:52 +0000 Subject: [PATCH] =?UTF-8?q?=E2=9C=A8=20[pi4]=20Fix=20nginx=20config=20with?= =?UTF-8?q?=20TLS?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- hosts/pi4/mailserver.nix | 15 --------------- hosts/pi4/nextcloud.nix | 10 ++++++++++ hosts/pi4/nginx.nix | 6 ++++-- 3 files changed, 14 insertions(+), 17 deletions(-) diff --git a/hosts/pi4/mailserver.nix b/hosts/pi4/mailserver.nix index 2c10b70..ff84383 100644 --- a/hosts/pi4/mailserver.nix +++ b/hosts/pi4/mailserver.nix @@ -1,5 +1,4 @@ { - lib, config, inputs, common, @@ -7,7 +6,6 @@ ... }: let - cfg = config.mailserver; passwordHashKey = "mailserver/password-hash"; in { @@ -42,18 +40,5 @@ in 587 ]; - services.nginx.virtualHosts.${cfg.fqdn}.listen = lib.mkForce [ - { - addr = "127.0.0.1"; - port = 8003; - ssl = false; - } - { - addr = "192.168.10.188"; - port = 8003; - ssl = false; - } - ]; - sops.secrets.${passwordHashKey}.neededForUsers = true; } diff --git a/hosts/pi4/nextcloud.nix b/hosts/pi4/nextcloud.nix index ee9bcc3..5d143a0 100644 --- a/hosts/pi4/nextcloud.nix +++ b/hosts/pi4/nextcloud.nix @@ -12,6 +12,11 @@ let dbuser = dbname; in { + security.acme = { + acceptTerms = true; + certs.${config.services.nextcloud.hostName}.email = "acme@${common.domain}"; + }; + services = { nextcloud = { enable = true; @@ -52,6 +57,11 @@ in }; }; + nginx.virtualHosts.${config.services.nextcloud.hostName} = { + forceSSL = true; + enableACME = true; + }; + postgresql = { enable = true; ensureDatabases = [ dbname ]; diff --git a/hosts/pi4/nginx.nix b/hosts/pi4/nginx.nix index c93b88e..22b72ad 100644 --- a/hosts/pi4/nginx.nix +++ b/hosts/pi4/nginx.nix 
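Review bot: In hosts/pi4/nextcloud.nix (hunk at -12,6) the ACME contact address is set only on the Nextcloud certificate, while `acceptTerms` applies to the whole host. This same commit makes the `redirect` helper in hosts/pi4/nginx.nix request certificates via `enableACME = true`. Unless a default address is configured elsewhere (not visible here), those certificates have no contact e-mail, which the NixOS ACME module is expected to reject at evaluation time. Consider moving both settings next to the nginx configuration and using `security.acme.defaults.email = "acme@${common.domain}";` so every certificate on the host inherits it.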
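Review bot: In hosts/pi4/nextcloud.nix (hunk at -52,6) the virtual host now forces TLS, but nothing visible tells Nextcloud itself that it is served over HTTPS. The `services.nextcloud` block is only partly shown, so this may already be set; if it is not, add `https = true;` inside it so generated links and redirects use the https scheme. Issuance through `enableACME` also depends on the host name being reachable by the CA, which deserves a comment next to the vhost: `# needs public DNS and port 80 reachable for the ACME HTTP-01 challenge`.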
@@ -14,9 +14,11 @@ let
 forceSSL = true;
 inherit locations;
 };
- homelab = common.localIpAddr 231;
+ homelab = "http://${common.localIpAddr 231}";
 homelabProxy = proxyTo homelab; # TODO get homelab local ip from systems
 redirect = subdomain: {
+ enableACME = true;
+ forceSSL = true;
 globalRedirect = if subdomain == "" then domain else "${subdomain}.${domain}";
 };
 in
@@ -46,7 +48,7 @@ in
 # Uptime Kuma
 "status.${domain}" = homelabProxy 3001;
 # Headscale
- "vpm.${domain}" = proxyLocations {
+ "vpn.${domain}" = proxyLocations {
 "/web".proxyPass = "${homelab}:8084";
 "/".proxyPass = "${homelab}:8082";
 };
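Review bot: In the first nginx.nix hunk (-14,9), `homelab = "http://${common.localIpAddr 231}";` fixes the upstream scheme to plain HTTP, so TLS ends at this proxy. Every request forwarded to the homelab host, including the Headscale locations in the following hunk, crosses the LAN unencrypted. If that is the intended trust boundary, state it where the value is defined, e.g. `# TLS terminates on pi4; the upstream hop to homelab is cleartext HTTP on the LAN`, and confirm that the homelab services accept connections only from this proxy (not visible here). The binding now holds a URL prefix rather than an address, so a name such as `homelabUrl` would read more accurately. The `let` block and `proxyTo` are defined outside the hunk.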