✨ [pi4] Fix nginx config with TLS

2025-06-08 21:32:52 +00:00
parent eb8c857940
commit a277e8f3ed
3 changed files with 14 additions and 17 deletions
--- a/hosts/pi4/mailserver.nix
+++ b/hosts/pi4/mailserver.nix
@ -1,5 +1,4 @@
 {
-  lib,
  config,
  inputs,
  common,
@ -7,7 +6,6 @@
  ...
 }:
 let
-  cfg = config.mailserver;
  passwordHashKey = "mailserver/password-hash";
 in
 {
@ -42,18 +40,5 @@ in
    587
  ];

-  services.nginx.virtualHosts.${cfg.fqdn}.listen = lib.mkForce [
-    {
-      addr = "127.0.0.1";
-      port = 8003;
-      ssl = false;
-    }
-    {
-      addr = "192.168.10.188";
-      port = 8003;
-      ssl = false;
-    }
-  ];
-
  sops.secrets.${passwordHashKey}.neededForUsers = true;
 }
--- a/hosts/pi4/nextcloud.nix
+++ b/hosts/pi4/nextcloud.nix
@ -12,6 +12,11 @@ let
  dbuser = dbname;
 in
 {
+  security.acme = {
+    acceptTerms = true;
+    certs.${config.services.nextcloud.hostName}.email = "acme@${common.domain}";
+  };
+
  services = {
    nextcloud = {
      enable = true;
@ -52,6 +57,11 @@ in
      };
    };

+    nginx.virtualHosts.${config.services.nextcloud.hostName} = {
+      forceSSL = true;
+      enableACME = true;
+    };
+
    postgresql = {
      enable = true;
      ensureDatabases = [ dbname ];
--- a/hosts/pi4/nginx.nix
+++ b/hosts/pi4/nginx.nix
@ -14,9 +14,11 @@ let
    forceSSL = true;
    inherit locations;
  };
-  homelab = common.localIpAddr 231;
+  homelab = "http://${common.localIpAddr 231}";
  homelabProxy = proxyTo homelab; # TODO get homelab local ip from systems
  redirect = subdomain: {
+    enableACME = true;
+    forceSSL = true;
    globalRedirect = if subdomain == "" then domain else "${subdomain}.${domain}";
  };
 in
@ -46,7 +48,7 @@ in
      # Uptime Kuma
      "status.${domain}" = homelabProxy 3001;
      # Headscale
-      "vpm.${domain}" = proxyLocations {
+      "vpn.${domain}" = proxyLocations {
        "/web".proxyPass = "${homelab}:8084";
        "/".proxyPass = "${homelab}:8082";
      };