diff --git a/modules/forgejo.nix b/modules/forgejo.nix
index 9188758..1a3d68c 100644
--- a/modules/forgejo.nix
+++ b/modules/forgejo.nix
@@ -16,7 +16,7 @@ in
 # TODO: Force ssl
 # addSSL = true;
 serverName = "git.zynh.me";
- useACMEHost = lib.mkIf ACMEEnabled "scarlet.zynh.me";
+ useACMEHost = lib.mkIf ACMEEnabled "permafrost";
 locations."/" = {
 proxyPass = "http://localhost:3032";
 };
diff --git a/modules/foundry.nix b/modules/foundry.nix
index 1b38c7c..4faf3ad 100644
--- a/modules/foundry.nix
+++ b/modules/foundry.nix
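Review bot: In modules/forgejo.nix the `git.zynh.me` vhost now references the `permafrost` certificate, but `addSSL` is still commented out under the TODO, so as far as the hunk shows the vhost stays HTTP-only and Forgejo logins and tokens would travel in cleartext. Once the certificate is available, enable TLS on the vhost with `forceSSL = ACMEEnabled;` in place of the commented `# addSSL = true;`. The same applies to the `nyazoom.zynh.me` hunk and to both vhosts in modules/foundry.nix. The vhost block opens above the hunk, so confirm that no SSL option is already set there and that `git.zynh.me` is among the certificate's domains.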
@@ -9,34 +9,44 @@ in enable = lib.mkEnableOption "foundry nixos module"; }; - config = lib.mkIf cfg.enable { - permafrost.nginx.enable = lib.mkDefault true; - permafrost.nginx.certDomains = lib.mkIf ACMEEnabled [ "scarlet.zynh.me" ]; - services.nginx.virtualHosts."scarlet.zynh.me" = { - # TODO: Force ssl - # addSSL = true; - serverName = "scarlet.zynh.me"; - useACMEHost = lib.mkIf ACMEEnabled "scarlet.zynh.me"; - locations."/" = { - extraConfig = /* nginx */ '' - # Set proxy headers - proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; + config = lib.mkIf cfg.enable (lib.mkMerge [ + { + permafrost.nginx.enable = lib.mkDefault true; + } + { + # permafrost.nginx.certDomains = lib.mkIf ACMEEnabled [ "scarlet.zynh.me" ]; + services.nginx.virtualHosts."scarlet.zynh.me" = { + # TODO: Force ssl + # addSSL = true; + serverName = "scarlet.zynh.me"; + useACMEHost = lib.mkIf ACMEEnabled "permafrost"; + locations."/.well-known/acme-challenge" = { + root = "/var/lib/acme/.challenges"; + }; + locations."/" = { + extraConfig = /* nginx */ '' + # Set proxy headers + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; - # These are important to support WebSockets - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "Upgrade"; - ''; - proxyPass = "http://localhost:30000"; + # These are important to support WebSockets + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + ''; + proxyPass = "http://localhost:30000"; + }; }; - }; - - services.nginx.virtualHosts."ddbimporter.zynh.me" = { - # TODO: Force ssl - # addSSL = true; - serverName = "ddbimporter.zynh.me"; - locations."/".proxyPass = "http://localhost:3232"; - }; - }; + } + { + permafrost.nginx.certDomains = lib.mkIf ACMEEnabled [ "ddbimporter.zynh.me" ]; + services.nginx.virtualHosts."ddbimporter.zynh.me" = { + 
# TODO: Force ssl + # addSSL = true; + useACMEHost = lib.mkIf ACMEEnabled "permafrost"; + serverName = "ddbimporter.zynh.me"; + locations."/".proxyPass = "http://localhost:3232"; + }; + } + ]); }
diff --git a/modules/nginx.nix b/modules/nginx.nix
index 143e14f..d0ae598 100644
--- a/modules/nginx.nix
+++ b/modules/nginx.nix
@@ -28,6 +28,7 @@ in security.acme.certs.permafrost = lib.mkIf cfg.enableACME { email = "Zynh0722@gmail.com"; domain = "scarlet.zynh.me"; + group = config.services.nginx.group; renewInterval = "weekly"; server = if cfg.useStagingServer
diff --git a/modules/nyazoom.nix b/modules/nyazoom.nix
index cf1ec57..3280f2b 100644
--- a/modules/nyazoom.nix
+++ b/modules/nyazoom.nix
@@ -29,7 +29,7 @@ in
 # TODO: Force ssl
 # addSSL = true;
 serverName = "nyazoom.zynh.me";
- useACMEHost = lib.mkIf ACMEEnabled "scarlet.zynh.me";
+ useACMEHost = lib.mkIf ACMEEnabled "permafrost";
 locations."/" = {
 proxyPass = "http://localhost:3000";
 extraConfig = /* nginx */ ''
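Review bot: In modules/foundry.nix only the `scarlet.zynh.me` vhost gets the explicit `/.well-known/acme-challenge` location, while `ddbimporter.zynh.me` is added to `certDomains` in the same hunk. If the `permafrost` certificate is validated over HTTP-01 from that webroot (its definition is in modules/nginx.nix, outside this hunk), every name on the certificate has to serve the challenge directory, so the ddbimporter vhost would need `locations."/.well-known/acme-challenge".root = "/var/lib/acme/.challenges";` as well. The path is also repeated as a literal here; reading it from one option next to the certificate would keep the vhosts and the webroot from drifting apart. The commented-out `certDomains` line for scarlet deserves a short comment saying it is the certificate's primary domain, or removal.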
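Review bot: In modules/nginx.nix the added `group = config.services.nginx.group;` carries no comment, although it is the line that decides who can read the certificate's private key. A one-line comment such as `# nginx workers need read access to the permafrost key and chain` would record the intent. Any other account placed in the nginx group gets the same access, which is worth keeping in mind when adding services to that group. The `security.acme.certs.permafrost` block continues past the hunk.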