Update Nginx config and fix TLS

hosts/bloodletting/configuration.nix

@@ -31,6 +31,16 @@
   # Enable networking
   networking.networkmanager.enable = true;
 
+  networking.interfaces.ens19.ipv4.addresses = [{
+    address = "185.138.143.227";
+    prefixLength = 29;
+  }];
+
+  networking.defaultGateway = {
+    address = "185.138.143.225";
+    interface = "ens19";
+  };
+
   # Enable the OpenSSH daemon.
   services.openssh = {
     enable = true;
@@ -42,7 +52,7 @@
 
   # Open ports in the firewall.
   networking.firewall = {
-    allowedTCPPorts = [ 80 443 20 21 22 990 6162 ];
+    allowedTCPPorts = [ 20 21 22 80 443 990 6162 ];
     allowedTCPPortRanges = [{
       from = 40000;
       to = 40200;
@@ -64,12 +74,14 @@
 
   security.acme.certs."technogothic.net" = {
     domain = "*.technogothic.net";
+    extraDomainNames = [ "technogothic.net" ];
     dnsProvider = "rfc2136";
     credentialsFile = "/var/lib/secrets/rfc2136-technogothic-net";
     group = "nginx";
   };
 
   security.acme.defaults.reloadServices = [ "nginx" "vsftpd" ];
+  systemd.services.nginx.serviceConfig.ProtectHome = "read-only";
 
   # Nginx
   services.nginx = {
@@ -88,6 +100,8 @@
       forceSSL = true;
       root = pkgs.vampysite;
 
+      serverAliases = [ "agatha.technogothic.net" ];
+
       locations."=/cv.pdf" = { alias = "/home/ftp/cv.pdf"; };
 
       extraConfig = ''
@@ -95,6 +109,12 @@
       '';
     };
 
+    virtualHosts."www.technogothic.net" = {
+      useACMEHost = "technogothic.net";
+      forceSSL = true;
+      globalRedirect = "technogothic.net";
+    };
+
     virtualHosts."grafana.technogothic.net" = {
       useACMEHost = "technogothic.net";
       forceSSL = true;
@@ -124,6 +144,15 @@
         proxyWebsockets = true;
       };
     };
+
+    virtualHosts."ftp.technogothic.net" = {
+      useACMEHost = "technogothic.net";
+      forceSSL = true;
+
+      root = "/home/ftp";
+
+      locations."/" = { extraConfig = "autoindex on;"; };
+    };
   };
 
   # This value determines the NixOS release from which the default