ngp.computer / nixos
Configuration for my NixOS based systems and Home Manager
0
fork

Configure Feed

Select the types of activity you want to include in your feed.

Fix cert issuance

Noah Pederson 6488da03 36514978

+7 -26
+7 -26
host-specific/misaki/services.nix
··· 265 265 group = "acme"; 266 266 }; 267 267 268 - # TODO: re-enable this once Agenix is set up 269 268 security.acme = { 270 269 acceptTerms = true; 271 270 defaults.email = "noah@packetlost.dev"; 272 271 certs."plex.packetlost.dev" = { 273 - dnsProvider = "porkbun"; 274 272 group = "httpd"; 273 + dnsProvider = "porkbun"; 275 274 environmentFile = config.age.secrets.acme.path; 276 275 }; 277 276 certs."img.ngp.computer" = { ··· 426 425 group = "nas"; 427 426 user = "noah"; 428 427 429 - # This is disabled for now 430 - #virtualHosts."${config.services.grafana.settings.server.domain}" = { 431 - # locations."/" = { 432 - # proxyPass = "http://127.0.0.1:${builtins.toString config.services.grafana.settings.server.http_port}"; 433 - # proxyWebsockets = true; 434 - # }; 435 - #}; 436 - 437 - virtualHosts."cache.packetlost.dev" = { 438 - locations."/".proxyPass = 439 - "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}"; 440 - }; 441 428 virtualHosts."photos.ngp.computer" = { 442 - enableACME = false; 443 - useACMEHost = "photos.ngp.computer"; 429 + enableACME = true; 444 430 acmeRoot = null; 445 431 forceSSL = true; 446 432 locations."/" = { ··· 457 443 }; 458 444 virtualHosts."img.ngp.computer" = { 459 445 forceSSL = true; 460 - enableACME = false; 461 - useACMEHost = "img.ngp.computer"; 446 + enableACME = true; 462 447 acmeRoot = null; 463 448 root = "/srv/shokuhou/pictures/public"; 464 449 extraConfig = '' ··· 476 461 }; 477 462 virtualHosts."files.ngp.computer" = { 478 463 forceSSL = true; 479 - enableACME = false; 480 - useACMEHost = "files.ngp.computer"; 464 + enableACME = true; 481 465 acmeRoot = null; 482 466 root = null; 483 467 extraConfig = '' ··· 494 478 }; 495 479 virtualHosts."jellyfin.packetlost.dev" = { 496 480 forceSSL = true; 497 - enableACME = false; 498 - useACMEHost = "jellyfin.packetlost.dev"; 481 + enableACME = true; 499 482 acmeRoot = null; 500 483 http2 = true; 501 484 locations."/" = { ··· 504 487 }; 505 488 virtualHosts."cache.ngp.computer" = { 506 489 forceSSL = true; 507 - enableACME = false; 508 - useACMEHost = "cache.ngp.computer"; 490 + enableACME = true; 509 491 acmeRoot = null; 510 492 http2 = true; 511 493 locations."/".proxyPass = ··· 516 498 virtualHosts."plex.packetlost.dev" = { 517 499 # Since we want a secure connection, we force SSL 518 500 forceSSL = true; 519 - enableACME = false; 520 - useACMEHost = "plex.packetlost.dev"; 501 + enableACME = true; 521 502 acmeRoot = null; 522 503 523 504 # http2 can more performant for streaming: https://blog.cloudflare.com/introducing-http2/