fix(deertopia): Persist SSL certs

Madeleine Sydney
2025-02-25 03:44:51 -07:00
parent 4746fe5f37
commit a5bab1d73d
2 changed files with 21 additions and 13 deletions


@@ -132,18 +132,21 @@ in {
}; };
}; };
sydnix.deertopia.nginx.vhosts."auth".vhost = { sydnix.deertopia.nginx.vhosts."auth" = {
forceSSL = true; directory = null;
enableACME = true; vhost = {
extraConfig = '' forceSSL = true;
set $upstream http://127.0.0.1:${builtins.toString cfg.httpPort}; enableACME = true;
''; extraConfig = ''
locations."/".extraConfig = '' set $upstream http://127.0.0.1:${builtins.toString cfg.httpPort};
include ${./authelia/proxy.conf}; '';
proxy_pass $upstream; locations."/".extraConfig = ''
''; include ${./authelia/proxy.conf};
locations."/api/verify".proxyPass = "$upstream"; proxy_pass $upstream;
locations."/api/authz".proxyPass = "$upstream"; '';
locations."/api/verify".proxyPass = "$upstream";
locations."/api/authz".proxyPass = "$upstream";
};
}; };
# TODO: Remove this. It's only used for a quick demo for myself. The # TODO: Remove this. It's only used for a quick demo for myself. The
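Review bot: The new `directory = null;` on the `auth` vhost carries no comment explaining why this host has no directory, and the option's definition is not visible in this section. Presumably the vhost only reverse-proxies to Authelia on 127.0.0.1 and serves nothing from disk. If that is the intent, a line such as `# Pure reverse proxy to Authelia; no web root to serve.` above it would record it. The enclosing attribute set begins before the hunk and continues past it.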


@@ -71,7 +71,7 @@ in
services.nginx.enable = true; services.nginx.enable = true;
networking.firewall.allowedTCPPorts = [ networking.firewall.allowedTCPPorts = [
80 # HTTP 80 # HTTP
443 # HTTPS 443 # HTTPS
]; ];
@@ -85,6 +85,11 @@ in
defaults.email = "lomiskiam@gmail.com"; defaults.email = "lomiskiam@gmail.com";
}; };
sydnix.impermanence.directories = [
# Don't regenerate certs on reboot.
"/var/lib/acme"
];
services.nginx.virtualHosts = services.nginx.virtualHosts =
builtins.listToAttrs builtins.listToAttrs
(builtins.map (builtins.map
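Review bot: `/var/lib/acme` holds the ACME account key and the TLS private keys, and the new `sydnix.impermanence.directories` entry persists it as a bare path with no owner or mode stated. This section does not show whether the sydnix wrapper creates the persistent copy with the ownership and permissions the ACME units expect. If the option accepts a form that sets user, group and mode, stating them explicitly would keep the key material from landing on the persistent volume with default ownership or broader read access. I would also extend the comment to say what is stored, e.g. `# ACME account key and TLS private keys; persisted so certs are not re-issued on every reboot.` The surrounding attribute set starts and ends outside the hunk.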