l 2 websites util: disable deprecated ssl stuff
This commit is contained in:
parent
e5270a2405
commit
ab684bf6d8
@ -8,28 +8,29 @@ rec {
|
|||||||
let
|
let
|
||||||
domain = head domains;
|
domain = head domains;
|
||||||
in {
|
in {
|
||||||
security.acme = {
|
#security.acme = {
|
||||||
certs."${domain}" = {
|
# certs."${domain}" = {
|
||||||
email = "lassulus@gmail.com";
|
# email = "lassulus@gmail.com";
|
||||||
webroot = "/var/lib/acme/challenges/${domain}";
|
# webroot = "/var/lib/acme/challenges/${domain}";
|
||||||
plugins = [
|
# plugins = [
|
||||||
"account_key.json"
|
# "account_key.json"
|
||||||
"key.pem"
|
# "key.pem"
|
||||||
"fullchain.pem"
|
# "fullchain.pem"
|
||||||
];
|
# ];
|
||||||
group = "nginx";
|
# group = "nginx";
|
||||||
allowKeysForGroup = true;
|
# allowKeysForGroup = true;
|
||||||
extraDomains = genAttrs domains (_: null);
|
# extraDomains = genAttrs domains (_: null);
|
||||||
};
|
# };
|
||||||
};
|
#};
|
||||||
|
|
||||||
krebs.nginx.servers."${domain}" = {
|
krebs.nginx.servers."${domain}" = {
|
||||||
|
ssl.acmeEnable = true;
|
||||||
server-names = domains;
|
server-names = domains;
|
||||||
locations = [
|
#locations = [
|
||||||
(nameValuePair "/.well-known/acme-challenge" ''
|
# (nameValuePair "/.well-known/acme-challenge" ''
|
||||||
root /var/lib/acme/challenges/${domain}/;
|
# root /var/lib/acme/challenges/${domain}/;
|
||||||
'')
|
# '')
|
||||||
];
|
#];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -37,7 +38,7 @@ rec {
|
|||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
( manageCerts domains )
|
( manageCerts domains )
|
||||||
( activateACME (head domains) )
|
#( activateACME (head domains) )
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user