martials/nixos-configuration
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[pi4] Fix nginx config with TLS

Browse Source
This commit is contained in:
Martin Berg Alstad
2025-06-08 21:32:52 +00:00
parent eb8c857940
commit a277e8f3ed
3 changed files with 14 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
hosts/pi4/mailserver.nix
View File

@ -1,5 +1,4 @@
{ {
lib,
config, config,
inputs, inputs,
common, common,
@ -7,7 +6,6 @@
... ...
}: }:
let let
cfg = config.mailserver;
passwordHashKey = "mailserver/password-hash"; passwordHashKey = "mailserver/password-hash";
in in
{ {
@ -42,18 +40,5 @@ in
587 587
]; ];
services.nginx.virtualHosts.${cfg.fqdn}.listen = lib.mkForce [
{
addr = "127.0.0.1";
port = 8003;
ssl = false;
}
{
addr = "192.168.10.188";
port = 8003;
ssl = false;
}
];
sops.secrets.${passwordHashKey}.neededForUsers = true; sops.secrets.${passwordHashKey}.neededForUsers = true;
} }

10
hosts/pi4/nextcloud.nix
View File

@ -12,6 +12,11 @@ let
dbuser = dbname; dbuser = dbname;
in in
{ {
security.acme = {
acceptTerms = true;
certs.${config.services.nextcloud.hostName}.email = "acme@${common.domain}";
};
services = { services = {
nextcloud = { nextcloud = {
enable = true; enable = true;
@ -52,6 +57,11 @@ in
}; };
}; };
nginx.virtualHosts.${config.services.nextcloud.hostName} = {
forceSSL = true;
enableACME = true;
};
postgresql = { postgresql = {
enable = true; enable = true;
ensureDatabases = [ dbname ]; ensureDatabases = [ dbname ];

6
hosts/pi4/nginx.nix
View File

@ -14,9 +14,11 @@ let
forceSSL = true; forceSSL = true;
inherit locations; inherit locations;
}; };
homelab = common.localIpAddr 231; homelab = "http://${common.localIpAddr 231}";
homelabProxy = proxyTo homelab; # TODO get homelab local ip from systems homelabProxy = proxyTo homelab; # TODO get homelab local ip from systems
redirect = subdomain: { redirect = subdomain: {
enableACME = true;
forceSSL = true;
globalRedirect = if subdomain == "" then domain else "${subdomain}.${domain}"; globalRedirect = if subdomain == "" then domain else "${subdomain}.${domain}";
}; };
in in
@ -46,7 +48,7 @@ in
# Uptime Kuma # Uptime Kuma
"status.${domain}" = homelabProxy 3001; "status.${domain}" = homelabProxy 3001;
# Headscale # Headscale
"vpm.${domain}" = proxyLocations { "vpn.${domain}" = proxyLocations {
"/web".proxyPass = "${homelab}:8084"; "/web".proxyPass = "${homelab}:8084";
"/".proxyPass = "${homelab}:8082"; "/".proxyPass = "${homelab}:8082";
}; };