containers/webserver: use ACME for cert generation

2021-01-01 12:00:48 +01:00 · 2021-01-01 12:00:48 +01:00 · d742a504f0
commit d742a504f0
parent 406ab7be7e
1 changed files with 12 additions and 3 deletions
--- a/nix/os/containers/webserver.nix
+++ b/nix/os/containers/webserver.nix
@ -14,14 +14,23 @@
        domain = "www.stefanjunker.de";
    };

+    security.acme = {
+      acceptTerms = true;
+      certs."www.stefanjunker.de".email = "mail@stefanjunker.de";
+    };
+
    services.nginx.enable = true;
-    services.nginx.virtualHosts."stefanjunker.de" = {
+    services.nginx.virtualHosts."www.stefanjunker.de" = {
      default = true;
      onlySSL = true;
      root = "/var/www/stefanjunker.de/htdocs";

-      sslCertificate = "/etc/secrets/stefanjunker.de/nginx/nginx.crt";
-      sslCertificateKey = "/etc/secrets/stefanjunker.de/nginx/nginx.key";
+      enableACME = true;
+      serverAliases = [
+        "stefanjunker.de"
+      ];
+      # sslCertificate = "/etc/secrets/stefanjunker.de/nginx/nginx.crt";
+      # sslCertificateKey = "/etc/secrets/stefanjunker.de/nginx/nginx.key";

      locations."/fi" = {
        index = "index.php";