From 2818476f710410f1c752ce12becce10be0a8a293 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Mon, 9 Jan 2023 20:37:40 +0100
Subject: [PATCH] l yellow.r: add acme ssl to yellow.r, radar.r and sonar.r

---
 lass/1systems/yellow/config.nix | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/lass/1systems/yellow/config.nix b/lass/1systems/yellow/config.nix
index 72e2e0e85..06561e9cf 100644
--- a/lass/1systems/yellow/config.nix
+++ b/lass/1systems/yellow/config.nix
@@ -34,6 +34,12 @@ in {
     };
   };
 
+  security.acme.defaults.email = "spam@krebsco.de";
+  security.acme.acceptTerms = true;
+  security.acme.certs."yellow.r".server = config.krebs.ssl.acmeURL;
+  security.acme.certs."jelly.r".server = config.krebs.ssl.acmeURL;
+  security.acme.certs."radar.r".server = config.krebs.ssl.acmeURL;
+  security.acme.certs."sonar.r".server = config.krebs.ssl.acmeURL;
   services.nginx = {
     enable = true;
     package = pkgs.nginx.override {
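Review bot: The private ACME endpoint is pinned per certificate on the four `security.acme.certs."<host>".server` lines, so any vhost that later gains `enableACME = true` without a matching entry silently falls back to the module's default public CA, which cannot issue for a `.r` name and will fail at issue/renewal time. Setting it once, `security.acme.defaults.server = config.krebs.ssl.acmeURL;`, and dropping the four per-cert lines removes that drift and keeps `acceptTerms = true` tied to the same CA for every cert on this host. A one-line comment above the block such as `# all certs on yellow come from the krebs-internal ACME CA (krebs.ssl.acmeURL), not a public one` would make the intent clear to the next reader. This assumes `config.krebs.ssl.acmeURL` is an internal CA, which the `.r` names imply but the hunk does not show.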
@@ -41,8 +47,10 @@ in {
         fancyindex
       ];
     };
-    virtualHosts.default = {
+    virtualHosts."yellow.r" = {
       default = true;
+      enableACME = true;
+      addSSL = true;
       locations."/" = {
         root = "/var/download";
         extraConfig = ''
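Review bot: `addSSL = true` on the renamed default vhost keeps the plaintext port-80 listener for `/var/download` alongside TLS and does not redirect, so nothing changes for clients that keep using `http://`; if the goal is to actually move traffic to TLS, `forceSSL = true;` is the option that redirects 80 to 443. Because this vhost also carries `default = true`, it becomes the catch-all for any unmatched SNI name and will present the yellow.r certificate for it, which is worth a comment if intended. If serving the download directory over plain HTTP is deliberate, a short comment like `# addSSL, not forceSSL: keep plain-HTTP access to /var/download` would stop someone "fixing" it later. The `virtualHosts."yellow.r"` definition and its `extraConfig` continue past the end of this hunk.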
@@ -137,18 +145,24 @@ in {
       '';
     };
     virtualHosts."jelly.r" = {
+      enableACME = true;
+      addSSL = true;
       locations."/".extraConfig = ''
         proxy_pass http://localhost:8096/;
         proxy_set_header Accept-Encoding "";
       '';
     };
     virtualHosts."radar.r" = {
+      enableACME = true;
+      addSSL = true;
       locations."/" = {
         proxyWebsockets = true;
         proxyPass = "http://localhost:7878";
       };
     };
     virtualHosts."sonar.r" = {
+      enableACME = true;
+      addSSL = true;
       locations."/" = {
         proxyWebsockets = true;
         proxyPass = "http://localhost:8989";
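Review bot: `addSSL = true` on jelly.r, radar.r and sonar.r leaves their plaintext listeners in place with no redirect, so session cookies and API keys for the proxied applications still travel over HTTP whenever a client or bookmark uses `http://`; the ports 8096/7878/8989 suggest Jellyfin/Radarr/Sonarr, which are login-protected, so `forceSSL = true;` (per vhost) is the safer choice here. None of the three proxies visibly set `X-Forwarded-Proto`; whether the `proxyPass` option adds it depends on `services.nginx.recommendedProxySettings`, which is outside this hunk, and without it the backends cannot tell they are behind TLS (secure cookie flags, absolute redirects). Note also that jelly.r is not mentioned in the subject line. The enclosing `services.nginx.virtualHosts` block starts before and ends after this hunk, and the sonar.r vhost continues past its last line.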
@@ -227,6 +241,7 @@ in {
     enable = true;
     tables.filter.INPUT.rules = [
       { predicate = "-p tcp --dport 80"; target = "ACCEPT"; } # nginx web dir
+      { predicate = "-p tcp --dport 443"; target = "ACCEPT"; } # nginx web dir
       { predicate = "-p tcp --dport 9091"; target = "ACCEPT"; } # transmission-web
       { predicate = "-p tcp --dport 51413"; target = "ACCEPT"; } # transmission-traffic
       { predicate = "-p udp --dport 51413"; target = "ACCEPT"; } # transmission-traffic
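Review bot: The trailing comment on the new 443 rule is a copy of the port-80 one (`# nginx web dir`) and now mislabels the HTTPS listener; `{ predicate = "-p tcp --dport 443"; target = "ACCEPT"; } # nginx https` is what the rule actually does. If the ACME certs use the http-01 challenge (the default for `enableACME` vhosts), port 80 must stay open as well, which the hunk preserves; a comment on the 80 rule noting `# nginx http + acme http-01` would record that dependency so the rule is not dropped when HTTP is later redirected. Like the existing rules, the new one is not restricted to an interface or source, which is consistent with the surrounding list but worth confirming against where the `.r` names are meant to be reachable from.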