m 1 omo: enable ps3netsrv
This commit is contained in:
parent
a06d756240
commit
0ea815f9ff
|
@ -74,7 +74,10 @@ in {
|
||||||
systemd.services.sabnzbd.environment.SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
|
systemd.services.sabnzbd.environment.SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
|
||||||
|
|
||||||
virtualisation.docker.enable = true;
|
virtualisation.docker.enable = true;
|
||||||
|
makefu.ps3netsrv = {
|
||||||
|
enable = true;
|
||||||
|
servedir = "/media/cryptX/emu/ps3";
|
||||||
|
};
|
||||||
# HDD Array stuff
|
# HDD Array stuff
|
||||||
services.smartd.devices = builtins.map (x: { device = x; }) allDisks;
|
services.smartd.devices = builtins.map (x: { device = x; }) allDisks;
|
||||||
|
|
||||||
|
|
|
@ -3,8 +3,15 @@
|
||||||
with config.krebs.lib;
|
with config.krebs.lib;
|
||||||
let
|
let
|
||||||
sec = toString <secrets>;
|
sec = toString <secrets>;
|
||||||
ssl_cert = "${sec}/wildcard.krebsco.de.crt";
|
ext-dom = "wiki.euer.krebsco.de";
|
||||||
ssl_key = "${sec}/wildcard.krebsco.de.key";
|
acmepath = "/var/lib/acme/";
|
||||||
|
acmechall = acmepath + "/challenges/";
|
||||||
|
|
||||||
|
#ssl_cert = "${sec}/wildcard.krebsco.de.crt";
|
||||||
|
#ssl_key = "${sec}/wildcard.krebsco.de.key";
|
||||||
|
ssl_cert = "${acmepath}/${ext-dom}/fullchain.pem";
|
||||||
|
ssl_key = "${acmepath}/${ext-dom}/key.pem";
|
||||||
|
|
||||||
user = config.services.nginx.user;
|
user = config.services.nginx.user;
|
||||||
group = config.services.nginx.group;
|
group = config.services.nginx.group;
|
||||||
fpm-socket = "/var/run/php5-fpm.sock";
|
fpm-socket = "/var/run/php5-fpm.sock";
|
||||||
|
@ -80,22 +87,23 @@ in {
|
||||||
listen = [ "${external-ip}:80" "${external-ip}:443 ssl"
|
listen = [ "${external-ip}:80" "${external-ip}:443 ssl"
|
||||||
"${internal-ip}:80" "${internal-ip}:443 ssl" ];
|
"${internal-ip}:80" "${internal-ip}:443 ssl" ];
|
||||||
server-names = [
|
server-names = [
|
||||||
"wiki.euer.krebsco.de"
|
ext-dom
|
||||||
"wiki.makefu.retiolum"
|
"wiki.makefu.retiolum"
|
||||||
"wiki.makefu"
|
"wiki.makefu"
|
||||||
];
|
];
|
||||||
|
ssl = {
|
||||||
|
enable = true;
|
||||||
|
# these certs will be needed if acme has not yet created certificates:
|
||||||
|
certificate = ssl_cert;
|
||||||
|
certificate_key = ssl_key;
|
||||||
|
force_encryption = true;
|
||||||
|
};
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
gzip on;
|
gzip on;
|
||||||
gzip_buffers 4 32k;
|
gzip_buffers 4 32k;
|
||||||
gzip_types text/plain application/x-javascript text/css;
|
gzip_types text/plain application/x-javascript text/css;
|
||||||
ssl_certificate ${ssl_cert};
|
|
||||||
ssl_certificate_key ${ssl_key};
|
|
||||||
default_type text/plain;
|
default_type text/plain;
|
||||||
|
|
||||||
if ($scheme = http){
|
|
||||||
return 301 https://$server_name$request_uri;
|
|
||||||
}
|
|
||||||
|
|
||||||
'';
|
'';
|
||||||
locations = [
|
locations = [
|
||||||
(nameValuePair "/" ''
|
(nameValuePair "/" ''
|
||||||
|
@ -111,8 +119,20 @@ in {
|
||||||
include ${pkgs.nginx}/conf/fastcgi_params;
|
include ${pkgs.nginx}/conf/fastcgi_params;
|
||||||
include ${pkgs.nginx}/conf/fastcgi.conf;
|
include ${pkgs.nginx}/conf/fastcgi.conf;
|
||||||
'')
|
'')
|
||||||
|
(nameValuePair "/.well-known/acme-challenge" ''
|
||||||
|
root ${acmechall}/${ext-dom}/;
|
||||||
|
'')
|
||||||
|
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
security.acme.certs."${ext-dom}" = {
|
||||||
|
email = "acme@syntax-fehler.de";
|
||||||
|
webroot = "${acmechall}/${ext-dom}/";
|
||||||
|
group = "nginx";
|
||||||
|
allowKeysForGroup = true;
|
||||||
|
postRun = "systemctl reload nginx.service";
|
||||||
|
extraDomains."${ext-dom}" = null ;
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue