caspervk/nixos
1
0
Fork 0
Code Actions Activity

Compare commits

base: caspervk:4c3ed32c7a35fc8dd9f71bb05343f51217c4e846
Branches Tags
caspervk:master
caspervk:dev
..
compare: caspervk:931bce3d9f11279271a2a77e6843ad474c9ce220
Branches Tags
caspervk:master
caspervk:dev

2 commits
4c3ed32c7a ... 931bce3d9f

Author SHA1 Message Date
Casper V. Kristensen 931bce3d9f caddy files 2024-04-24 02:06:04 +02:00
Casper V. Kristensen 8bce4b0326 flake.lock: Update 
Flake lock file updates:

• Updated input 'secrets':
    'git+ssh://git@git.caspervk.net/caspervk/nixos-secrets.git?ref=refs/heads/master&rev=84f9be99ee397303cb23dfc8713115088fa7a53d' (2024-04-23)
  → 'git+ssh://git@git.caspervk.net/caspervk/nixos-secrets.git?ref=refs/heads/master&rev=d73392f1e37da591bbc2700a37beba60c5bc4648' (2024-04-24)
 2024-04-24 02:04:12 +02:00
5 changed files with 42 additions and 30 deletions
Show stats Expand all files Collapse all files

8
flake.lock
View file

@ -165,11 +165,11 @@
},
"secrets": {
"locked": {
"lastModified": 1713906026,
"narHash": "sha256-pI2SocGL1Ev54UXizRL2L6t3UmBFVGGmcSgBmthSeJU=",
"lastModified": 1713917034,
"narHash": "sha256-TcRTcrx6Y+qZpoOvCu+DNyHWGFOFxL4bDMCD2EvYNsg=",
"ref": "refs/heads/master",
"rev": "84f9be99ee397303cb23dfc8713115088fa7a53d",
"revCount": 23,
"rev": "d73392f1e37da591bbc2700a37beba60c5bc4648",
"revCount": 25,
"type": "git",
"url": "ssh://git@git.caspervk.net/caspervk/nixos-secrets.git"
},

22
hosts/alpha/acme.nix
View file

@ -1,14 +1,16 @@
{lib, ...}: {
security.acme.certs."caspervk.net" = {
domain = "*.caspervk.net";
reloadServices = [
"caddy.service"
"murmur.service"
];
# The NixOS Caddy module is a little too clever and sets the cert's group
# to 'caddy', which means other services can't load it. This is not needed
# since we handle the group membership manually.
group = lib.mkForce "acme";
security.acme.certs = {
"caspervk.net" = {
domain = "*.caspervk.net";
reloadServices = [
"caddy.service"
"murmur.service"
];
# The NixOS Caddy module is a little too clever and sets the cert's group
# to 'caddy', which means other services can't load it. This is not needed
# since we handle the group membership manually.
group = lib.mkForce "acme";
};
};
users.groups.acme.members = [
"caddy"

14
hosts/delta/acme.nix
View file

@ -1,10 +1,12 @@
{...}: {
security.acme.certs."caspervk.net" = {
domain = "*.caspervk.net";
reloadServices = [
"kresd@1.service"
"kresd@2.service"
];
security.acme.certs = {
"caspervk.net" = {
domain = "*.caspervk.net";
reloadServices = [
"kresd@1.service"
"kresd@2.service"
];
};
};
users.groups.acme.members = [
"knot-resolver"

26
hosts/sigma/acme.nix
View file

@ -1,13 +1,21 @@
{lib, ...}: {
security.acme.certs."caspervk.net" = {
domain = "*.caspervk.net";
reloadServices = [
"caddy.service"
];
# The NixOS Caddy module is a little too clever and sets the cert's group
# to 'caddy', which means other services can't load it. This is not needed
# since we handle the group membership manually.
group = lib.mkForce "acme";
security.acme.certs = {
"caspervk.net" = {
domain = "*.caspervk.net";
reloadServices = [
"caddy.service"
];
# The NixOS Caddy module is a little too clever and sets the cert's group
# to 'caddy', which means other services can't load it. This is not needed
# since we handle the group membership manually.
group = lib.mkForce "acme";
};
"sudomail.org" = {
reloadServices = [
"caddy.service"
];
group = lib.mkForce "acme";
};
};
users.groups.acme.members = [
"caddy"

2
modules/server/caddy.nix
View file

@ -20,7 +20,7 @@ lib.mkIf (config.services.caddy.virtualHosts != {}) {
environment.persistence."/nix/persist" = {
directories = [
{
directory = "/var/lib/caddy";
directory = "/var/www/html";
user = "caddy";
group = "caddy";
mode = "0755";