summaryrefslogtreecommitdiffstats
path: root/lass/1systems/prism.nix
diff options
context:
space:
mode:
authorlassulus <lass@aidsballs.de>2016-07-07 23:07:22 +0200
committerlassulus <lass@aidsballs.de>2016-07-07 23:07:22 +0200
commit13486879b764092d0004464510615ffa1f8152a2 (patch)
treed1918dcdbbdeb298b3e44bcd9cd4f6a032e718ee /lass/1systems/prism.nix
parent6eab08eef60d634324056b58c98a1b2a4fa1ed1f (diff)
l 1 prism: fix ssl for cgit.lassul.us
Diffstat (limited to 'lass/1systems/prism.nix')
-rw-r--r--lass/1systems/prism.nix21
1 files changed, 17 insertions, 4 deletions
diff --git a/lass/1systems/prism.nix b/lass/1systems/prism.nix
index 5477a8b86..1eb81cd0a 100644
--- a/lass/1systems/prism.nix
+++ b/lass/1systems/prism.nix
@@ -1,5 +1,7 @@
{ config, lib, pkgs, ... }:
+with config.krebs.lib;
+
let
ip = config.krebs.build.host.nets.internet.ip4.addr;
@@ -24,11 +26,22 @@ in {
{
imports = [
../2configs/git.nix
- ( manageCerts [ "cgit.lassul.us" ])
- ];
- krebs.nginx.servers.cgit.server-names = [
- "cgit.lassul.us"
];
+ krebs.nginx.servers.cgit = {
+ server-names = [
+ "cgit.lassul.us"
+ ];
+ locations = [
+ (nameValuePair "/.well-known/acme-challenge" ''
+ root /var/lib/acme/challenges/cgit.lassul.us/;
+ '')
+ ];
+ ssl = {
+ enable = true;
+ certificate = "/var/lib/acme/cgit.lassul.us/fullchain.pem";
+ certificate_key = "/var/lib/acme/cgit.lassul.us/key.pem";
+ };
+ };
}
{
users.extraGroups = {