Mic92/stockholm
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

ca.r: serve ca.crt via nginx

Browse Source
This commit is contained in:
lassulus 2021-12-09 14:52:35 +01:00
parent fba330ab36
commit abd82c4faf
4 changed files with 20 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
krebs/1systems/hotdog/config.nix
View File

@ -10,6 +10,7 @@
<stockholm/krebs/2configs/ircd.nix> <stockholm/krebs/2configs/ircd.nix>
<stockholm/krebs/2configs/reaktor2.nix> <stockholm/krebs/2configs/reaktor2.nix>
<stockholm/krebs/2configs/wiki.nix> <stockholm/krebs/2configs/wiki.nix>
<stockholm/krebs/2configs/acme.nix>
## shackie irc bot ## shackie irc bot
<stockholm/krebs/2configs/shack/reaktor.nix> <stockholm/krebs/2configs/shack/reaktor.nix>

4
krebs/2configs/acme.nix
View File

@ -7,15 +7,17 @@ in {
email = "spam@krebsco.de"; email = "spam@krebsco.de";
certs.${domain}.server = "https://${domain}:1443/acme/acme/directory"; # use 1443 here cause bootstrapping loop certs.${domain}.server = "https://${domain}:1443/acme/acme/directory"; # use 1443 here cause bootstrapping loop
}; };
networking.firewall.allowedTCPPorts = [ 80 443 ];
services.nginx = { services.nginx = {
enable = true; enable = true;
recommendedProxySettings = true; recommendedProxySettings = true;
virtualHosts.${domain} = { virtualHosts.${domain} = {
forceSSL = true; addSSL = true;
enableACME = true; enableACME = true;
locations."/" = { locations."/" = {
proxyPass = "https://localhost:1443"; proxyPass = "https://localhost:1443";
}; };
locations."= /ca.crt".alias = ../6assets/krebsAcmeCA.crt;
}; };
}; };
krebs.secret.files.krebsAcme = { krebs.secret.files.krebsAcme = {

18
krebs/3modules/ssl.nix
View File

@ -29,23 +29,7 @@ in {
intermediateCA = lib.mkOption { intermediateCA = lib.mkOption {
type = lib.types.str; type = lib.types.str;
readOnly = true; readOnly = true;
default = '' default = builtins.readFile ../6assets/krebsAcmeCA.crt;
-----BEGIN CERTIFICATE-----
MIICWzCCAcSgAwIBAgIQVavHn7XtM7NJ8bnph6hGoTANBgkqhkiG9w0BAQsFADCB
gTELMAkGA1UEBhMCWloxEjAQBgNVBAgMCXN0YXRlbGVzczEQMA4GA1UECgwHS3Jl
YnNjbzELMAkGA1UECwwCS00xFjAUBgNVBAMMDUtyZWJzIFJvb3QgQ0ExJzAlBgkq
hkiG9w0BCQEWGHJvb3QtY2FAc3ludGF4LWZlaGxlci5kZTAeFw0yMTEyMDgxNTU5
MDRaFw0yMTEyMDkxNTU5MDRaMBoxGDAWBgNVBAMTD0tyZWJzIEFDTUUgQ0EgMTBZ
MBMGByqGSM49AgEGCCqGSM49AwEHA0IABDOK4g3pJPhOErk49zQgpNKE1cAyoeLp
PqWXkHZVLIVg8CBzPyCYiHS8RtaJ1kwWxwo5OTypCDOLxf1isR5HgZOjgYAwfjAO
BgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQUv758
A4RPewsRtgjdB6AE1tn632swHwYDVR0jBBgwFoAUinqtNfqwMKe8gF8M5cGQaNxB
lS8wGAYDVR0eAQH/BA4wDKAKMAOCAXIwA4IBdzANBgkqhkiG9w0BAQsFAAOBgQAT
ewOSGWGTCWcJFGSxgnt8/WspMERq1hL1PikwwVMp7wzJmbHcbA0Es4fcrE5Xf8vQ
dGenlvyQjkQNahbsyGBoja7bpWpnw9qofLQkns1AZWp7q7GBqyKm30keM/E/stjH
YkgY4QaxlIL+6N0f4nKL3RSf6GQ1hWJOHf+RrboaMw==
-----END CERTIFICATE-----
'';
}; };
acmeURL = lib.mkOption { acmeURL = lib.mkOption {
type = lib.types.str; type = lib.types.str;

15
krebs/6assets/krebsAcmeCA.crt Normal file
View File

@ -0,0 +1,15 @@
-----BEGIN CERTIFICATE-----
MIICWzCCAcSgAwIBAgIQVavHn7XtM7NJ8bnph6hGoTANBgkqhkiG9w0BAQsFADCB
gTELMAkGA1UEBhMCWloxEjAQBgNVBAgMCXN0YXRlbGVzczEQMA4GA1UECgwHS3Jl
YnNjbzELMAkGA1UECwwCS00xFjAUBgNVBAMMDUtyZWJzIFJvb3QgQ0ExJzAlBgkq
hkiG9w0BCQEWGHJvb3QtY2FAc3ludGF4LWZlaGxlci5kZTAeFw0yMTEyMDgxNTU5
MDRaFw0yMTEyMDkxNTU5MDRaMBoxGDAWBgNVBAMTD0tyZWJzIEFDTUUgQ0EgMTBZ
MBMGByqGSM49AgEGCCqGSM49AwEHA0IABDOK4g3pJPhOErk49zQgpNKE1cAyoeLp
PqWXkHZVLIVg8CBzPyCYiHS8RtaJ1kwWxwo5OTypCDOLxf1isR5HgZOjgYAwfjAO
BgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQUv758
A4RPewsRtgjdB6AE1tn632swHwYDVR0jBBgwFoAUinqtNfqwMKe8gF8M5cGQaNxB
lS8wGAYDVR0eAQH/BA4wDKAKMAOCAXIwA4IBdzANBgkqhkiG9w0BAQsFAAOBgQAT
ewOSGWGTCWcJFGSxgnt8/WspMERq1hL1PikwwVMp7wzJmbHcbA0Es4fcrE5Xf8vQ
dGenlvyQjkQNahbsyGBoja7bpWpnw9qofLQkns1AZWp7q7GBqyKm30keM/E/stjH
YkgY4QaxlIL+6N0f4nKL3RSf6GQ1hWJOHf+RrboaMw==
-----END CERTIFICATE-----