Update Nginx config and fix TLS
parent
3086550f06
commit
aa79960179
|
@ -31,6 +31,16 @@
|
||||||
# Enable networking
|
# Enable networking
|
||||||
networking.networkmanager.enable = true;
|
networking.networkmanager.enable = true;
|
||||||
|
|
||||||
|
networking.interfaces.ens19.ipv4.addresses = [{
|
||||||
|
address = "185.138.143.227";
|
||||||
|
prefixLength = 29;
|
||||||
|
}];
|
||||||
|
|
||||||
|
networking.defaultGateway = {
|
||||||
|
address = "185.138.143.225";
|
||||||
|
interface = "ens19";
|
||||||
|
};
|
||||||
|
|
||||||
# Enable the OpenSSH daemon.
|
# Enable the OpenSSH daemon.
|
||||||
services.openssh = {
|
services.openssh = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
@ -42,7 +52,7 @@
|
||||||
|
|
||||||
# Open ports in the firewall.
|
# Open ports in the firewall.
|
||||||
networking.firewall = {
|
networking.firewall = {
|
||||||
allowedTCPPorts = [ 80 443 20 21 22 990 6162 ];
|
allowedTCPPorts = [ 20 21 22 80 443 990 6162 ];
|
||||||
allowedTCPPortRanges = [{
|
allowedTCPPortRanges = [{
|
||||||
from = 40000;
|
from = 40000;
|
||||||
to = 40200;
|
to = 40200;
|
||||||
|
@ -64,12 +74,14 @@
|
||||||
|
|
||||||
security.acme.certs."technogothic.net" = {
|
security.acme.certs."technogothic.net" = {
|
||||||
domain = "*.technogothic.net";
|
domain = "*.technogothic.net";
|
||||||
|
extraDomainNames = [ "technogothic.net" ];
|
||||||
dnsProvider = "rfc2136";
|
dnsProvider = "rfc2136";
|
||||||
credentialsFile = "/var/lib/secrets/rfc2136-technogothic-net";
|
credentialsFile = "/var/lib/secrets/rfc2136-technogothic-net";
|
||||||
group = "nginx";
|
group = "nginx";
|
||||||
};
|
};
|
||||||
|
|
||||||
security.acme.defaults.reloadServices = [ "nginx" "vsftpd" ];
|
security.acme.defaults.reloadServices = [ "nginx" "vsftpd" ];
|
||||||
|
systemd.services.nginx.serviceConfig.ProtectHome = "read-only";
|
||||||
|
|
||||||
# Nginx
|
# Nginx
|
||||||
services.nginx = {
|
services.nginx = {
|
||||||
|
@ -88,6 +100,8 @@
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
root = pkgs.vampysite;
|
root = pkgs.vampysite;
|
||||||
|
|
||||||
|
serverAliases = [ "agatha.technogothic.net" ];
|
||||||
|
|
||||||
locations."=/cv.pdf" = { alias = "/home/ftp/cv.pdf"; };
|
locations."=/cv.pdf" = { alias = "/home/ftp/cv.pdf"; };
|
||||||
|
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
|
@ -95,6 +109,12 @@
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
virtualHosts."www.technogothic.net" = {
|
||||||
|
useACMEHost = "technogothic.net";
|
||||||
|
forceSSL = true;
|
||||||
|
globalRedirect = "technogothic.net";
|
||||||
|
};
|
||||||
|
|
||||||
virtualHosts."grafana.technogothic.net" = {
|
virtualHosts."grafana.technogothic.net" = {
|
||||||
useACMEHost = "technogothic.net";
|
useACMEHost = "technogothic.net";
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
|
@ -124,6 +144,15 @@
|
||||||
proxyWebsockets = true;
|
proxyWebsockets = true;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
virtualHosts."ftp.technogothic.net" = {
|
||||||
|
useACMEHost = "technogothic.net";
|
||||||
|
forceSSL = true;
|
||||||
|
|
||||||
|
root = "/home/ftp";
|
||||||
|
|
||||||
|
locations."/" = { extraConfig = "autoindex on;"; };
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
# This value determines the NixOS release from which the default
|
# This value determines the NixOS release from which the default
|
||||||
|
|
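Review bot: The new `virtualHosts."ftp.technogothic.net"` block serves `root = "/home/ftp"` with `autoindex on;` and no access control, so every file in the FTP tree (dotfiles included) becomes listable and downloadable over HTTPS by anyone. If only part of that tree is meant to be public, point `root` at a dedicated subdirectory or add `basicAuthFile` to the vhost. Relatedly, `systemd.services.nginx.serviceConfig.ProtectHome = "read-only";` makes all of /home visible to the nginx service (subject to file permissions), not just the FTP directory; `ProtectHome = "tmpfs";` together with `BindReadOnlyPaths = [ "/home/ftp" ];` would expose only that path. Whether the FTP side accepts uploads cannot be judged here, since the vsftpd configuration lies outside these hunks.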