Added automatic ssl certificates for internal domains

2025-03-27 06:10:53 +01:00 · 2022-05-10 06:45:21 +02:00 · 2022-05-10 06:45:21 +02:00 · 919c11573f
commit 919c11573f
parent 5dc1c4ac79
2 changed files with 4 additions and 3 deletions
--- a/lib/default.nix
+++ b/lib/default.nix
@ -35,6 +35,7 @@ in
              htpdate = prev.pkgs.callPackage ../packages/htpdate { };
              authelia = prev.pkgs.callPackage ../packages/authelia { };
              paperless-ng = prev.pkgs.callPackage ../packages/paperless-ng { };
+              tailscale = prev.unstable.tailscale;
            })
          inputs.neovim-nightly-overlay.overlay
        ];
@ -57,14 +58,13 @@ in

  mkVPNSubdomain = name: port: {
    luj.nginx.enable = true;
+    security.acme.certs."${name}.luj".server = "https://ca.luj:8443/acme/acme/directory";
    services.nginx.virtualHosts."${name}.luj" = {
-      sslCertificate = "/etc/nginx/certs/${name}.luj/cert.pem";
-      sslCertificateKey = "/etc/nginx/certs/${name}.luj/key.pem";
      forceSSL = true;
+      enableACME = true;
      locations."/" = {
        proxyPass = "http://localhost:${toString port}";
        extraConfig = ''
-          allow 10.100.0.0/24;
          allow 100.10.10.0/8;
          deny all;
        '';
--- a/lib/luj.nix
+++ b/lib/luj.nix
@ -21,6 +21,7 @@ lib: with lib; let
        _module.freeformType = with types; attrs;

        domain = "julienmalka.me";
+        internalDomain = "luj";

        machines = {
          lisa = {