ma bgt: enable acme with cloudflare

author: makefu <github@syntax-fehler.de> 2022-08-29 21:12:21 +0200
committer: makefu <github@syntax-fehler.de> 2022-08-29 21:12:21 +0200
commit: 2c417ec53df0112d7e96f94c05be59ec95bfbbc5 (patch)
tree: 90582f9101a4ac9b989c4866982f398858220573 /2configs
parent: aeb0c2a6ea8a089482dc095a9b0b26bc4aeded4f (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/2configs/bgt/download.binaergewitter.de.nix b/2configs/bgt/download.binaergewitter.de.nix
index 1cf21f213..85379e77b 100644
--- a/2configs/bgt/download.binaergewitter.de.nix
+++ b/2configs/bgt/download.binaergewitter.de.nix
@@ -59,6 +59,11 @@ in {
   systemd.services.nginx.serviceConfig.ReadWritePaths = [
     "/var/spool/nginx/logs/"
   ];
+  security.acme.certs."download.binaergewitter.de" = {
+    dnsProvider = "cloudflare";
+    credentialsFile = toString <secrets/lego-binaergewitter>;
+    webroot = lib.mkForce null;
+  };
 
   services.nginx = {
     appendHttpConfig = ''
@@ -70,6 +75,8 @@ in {
     recommendedGzipSettings = true;
     recommendedOptimisation = true;
     virtualHosts."download.binaergewitter.de" = {
+      enableSSL = true;
+      enableACME = true;
         serverAliases = [ "dl2.binaergewitter.de" ];
         root = "/var/www/binaergewitter";
         extraConfig = ''
author	makefu <github@syntax-fehler.de>	2022-08-29 21:12:21 +0200
committer	makefu <github@syntax-fehler.de>	2022-08-29 21:12:21 +0200
commit	2c417ec53df0112d7e96f94c05be59ec95bfbbc5 (patch)
tree	90582f9101a4ac9b989c4866982f398858220573 /2configs
parent	aeb0c2a6ea8a089482dc095a9b0b26bc4aeded4f (diff)