forked from DGNum/infrastructure
fix(linkal): Use http-01 challenge for certificates
parent
56cd177d3e
commit
36c6859ef9
1 changed files with 34 additions and 34 deletions
|
@ -48,39 +48,39 @@ in {
|
||||||
}) cfg.calendarGroups;
|
}) cfg.calendarGroups;
|
||||||
|
|
||||||
# Configure bind for DNS certificate validation on *.cal.dgnum.eu.
|
# Configure bind for DNS certificate validation on *.cal.dgnum.eu.
|
||||||
services.bind = {
|
# services.bind = {
|
||||||
enable = true;
|
# enable = true;
|
||||||
ipv4Only = true;
|
# ipv4Only = true;
|
||||||
extraConfig = ''
|
# extraConfig = ''
|
||||||
include "${config.age.secrets."named-bind_dnskeys_conf".path}";
|
# include "${config.age.secrets."named-bind_dnskeys_conf".path}";
|
||||||
'';
|
# '';
|
||||||
|
#
|
||||||
zones = [rec {
|
# zones = [rec {
|
||||||
name = "cal.dgnum.eu";
|
# name = "cal.dgnum.eu";
|
||||||
file = "/var/db/bind/${name}";
|
# file = "/var/db/bind/${name}";
|
||||||
master = true;
|
# master = true;
|
||||||
extraConfig = ''
|
# extraConfig = ''
|
||||||
allow-update { key "rfc2136key.cal.dgnum.eu"; };
|
# allow-update { key "rfc2136key.cal.dgnum.eu"; };
|
||||||
'';
|
# '';
|
||||||
}];
|
# }];
|
||||||
};
|
# };
|
||||||
|
#
|
||||||
networking.firewall = {
|
# networking.firewall = {
|
||||||
allowedTCPPorts = [ 53 ];
|
# allowedTCPPorts = [ 53 ];
|
||||||
allowedUDPPorts = [ 53 ];
|
# allowedUDPPorts = [ 53 ];
|
||||||
};
|
# };
|
||||||
|
#
|
||||||
dgn-secrets.options = [{ named-bind_dnskeys_conf.owner = "named"; }];
|
# dgn-secrets.options = [{ named-bind_dnskeys_conf.owner = "named"; }];
|
||||||
|
#
|
||||||
# Configure ACME for DNS certificate validation
|
# # Configure ACME for DNS certificate validation
|
||||||
security.acme = {
|
# security.acme = {
|
||||||
acceptTerms = true;
|
# acceptTerms = true;
|
||||||
defaults = {
|
# defaults = {
|
||||||
dnsProvider = "rfc2136";
|
# dnsProvider = "rfc2136";
|
||||||
credentialsFile = config.age.secrets."acme-certs_secret".path;
|
# credentialsFile = config.age.secrets."acme-certs_secret".path;
|
||||||
dnsPropagationCheck = false;
|
# dnsPropagationCheck = false;
|
||||||
};
|
# };
|
||||||
};
|
# };
|
||||||
|
|
||||||
services.nginx = {
|
services.nginx = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
@ -89,7 +89,7 @@ in {
|
||||||
{ port, ... }:
|
{ port, ... }:
|
||||||
nameValuePair "${name}.${cfg.domain}" {
|
nameValuePair "${name}.${cfg.domain}" {
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
acmeRoot = null; # Use DNS-01 validation
|
# acmeRoot = null; # Use DNS-01 validation
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
|
|
||||||
locations."/".proxyPass =
|
locations."/".proxyPass =
|
||||||
|
|
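Review bot: The commented-out `security.acme` block also disables `acceptTerms = true;`, while the virtual hosts below still set `enableACME = true`; unless the terms are accepted in another module (not visible here), the NixOS ACME module will fail its assertion at evaluation. I would keep a live `security.acme.acceptTerms = true;` and delete the remaining DNS-01 settings outright instead of leaving 34 commented lines, including the stale `# Configure bind for DNS certificate validation` header that now describes nothing active. HTTP-01 needs port 80 reachable by the CA, and this section no longer has any active `networking.firewall` entry, so confirm that 80 and 443 are opened elsewhere. With bind and the `rfc2136` provider gone, the `named-bind_dnskeys_conf` and `acme-certs_secret` secrets are presumably still declared but unused; removing them and retiring the TSIG key `rfc2136key.cal.dgnum.eu` would avoid leaving a DNS update credential on the host.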