Diffstat (limited to 'vps-configuration.env.nix')
-rw-r--r-- | vps-configuration.env.nix | 35 |
1 files changed, 26 insertions, 9 deletions
diff --git a/vps-configuration.env.nix b/vps-configuration.env.nix
index a521bc7..d72d7f8 100644
--- a/vps-configuration.env.nix
+++ b/vps-configuration.env.nix
@@ -73,6 +73,17 @@ in {
 security.acme = {
 acceptTerms = true;
 email = envsubstConfiguration.letsencryptEmail;
+ certs = {
+ "${envsubstConfiguration.prosodyTLD}" = {
+ webroot = "/var/lib/acme/.challenges";
+ user = "prosody";
+ group = "prosody";
+ extraDomains = {
+ "${envsubstConfiguration.prosodyMUCTLD}" = null;
+ "${envsubstConfiguration.prosodyHTTPUploadTLD}" = null;
+ };
+ };
+ };
 };
 services = {
@@ -106,8 +117,12 @@ in {
 root = boneco;
 };
 "${envsubstConfiguration.prosodyTLD}" = {
- forceSSL = true;
- enableACME = true;
+ locations = {
+ "/.well-known/acme-challenge" = {
+ root = "/var/lib/acme/.challenges";
+ };
+ "/" = { return = "301 https://${DOLLAR}host${DOLLAR}request_uri"; };
+ };
 };
 };
 };
@@ -142,23 +157,25 @@ in {
 };
 };
- prosody = {
+ prosody = let
+ fullchainPEM =
+ "/var/lib/acme/${envsubstConfiguration.prosodyTLD}/fullchain.pem";
+ keyPEM = "/var/lib/acme/${envsubstConfiguration.prosodyTLD}/key.pem";
+ in {
 enable = true;
 admins = [ envsubstConfiguration.prosodyAdminUser ];
 allowRegistration = true;
 ssl = {
- cert =
- "/var/lib/acme/${envsubstConfiguration.prosodyTLD}/fullchain.pem";
- key = "/var/lib/acme/${envsubstConfiguration.prosodyTLD}/key.pem";
+ cert = fullchainPEM;
+ key = keyPEM;
 };
 virtualHosts = {
 "${envsubstConfiguration.prosodyTLD}" = {
 enabled = true;
 domain = "${envsubstConfiguration.prosodyTLD}";
 ssl = {
- cert =
- "/var/lib/acme/${envsubstConfiguration.prosodyTLD}/fullchain.pem";
- key = "/var/lib/acme/${envsubstConfiguration.prosodyTLD}/key.pem";
+ cert = fullchainPEM;
+ key = keyPEM;
 };
 };
 };
|
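Review bot: The two names under `extraDomains` are validated through the same webroot as the primary name, but the only challenge location visible in this diff sits on the `prosodyTLD` nginx vhost in the second hunk. Unless vhosts for `prosodyMUCTLD` and `prosodyHTTPUploadTLD` exist outside the hunks, HTTP-01 requests for those hosts would fall through to the default server and issuance would likely fail for the whole certificate; adding `serverAliases = [ envsubstConfiguration.prosodyMUCTLD envsubstConfiguration.prosodyHTTPUploadTLD ];` to that vhost would cover them. The webroot path is also written as a literal both here and in the nginx location, so a shared `let` binding, as the third hunk does for the PEM paths, would keep the two from drifting apart.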
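Review bot: The `"/"` location redirects every request to the HTTPS form of the same host, yet this hunk also removes `forceSSL` and `enableACME`, so no TLS listener for this vhost is declared in the visible lines. A client following the redirect would reach whichever vhost answers port 443 by default and would probably be shown a certificate for a different name. If this host exists only to answer ACME challenges, `"/" = { return = "404"; };` avoids sending browsers to a mismatched endpoint; otherwise the vhost needs its own TLS configuration.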
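Review bot: Nothing in the new `certs` entry or in this `prosody` block makes Prosody reload after a renewal, so the running server may keep presenting the old certificate until its next restart and eventually serve an expired one. A `postRun` on the certificate in the first hunk, for example `postRun = "systemctl reload prosody.service";`, would close that gap; whether the unit supports reload rather than restart should be confirmed. The `prosody` attribute set continues past the end of the hunk.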