diff options
Diffstat (limited to 'modules')
| -rw-r--r-- | modules/services/cgit/default.nix | 12 | ||||
| -rw-r--r-- | modules/services/monitoring/grafana.nix | 11 | ||||
| -rw-r--r-- | modules/services/navidrome/default.nix | 15 | ||||
| -rw-r--r-- | modules/services/nginx/default.nix | 5 | ||||
| -rw-r--r-- | modules/services/transmission/default.nix | 11 |
5 files changed, 24 insertions, 30 deletions
diff --git a/modules/services/cgit/default.nix b/modules/services/cgit/default.nix index 5108e42..e00790c 100644 --- a/modules/services/cgit/default.nix +++ b/modules/services/cgit/default.nix @@ -76,6 +76,18 @@ in default = true; forceSSL = true; enableACME = true; + listen = [ + { + addr = "192.168.6.40"; + port = 443; + ssl = true; + } + { + addr = "192.168.6.40"; + port = 80; + ssl = false; + } + ]; locations = { "~* ^.+.(css|png|ico)$" = { root = "${pkgs.cgit}/cgit"; }; # as per https://github.com/yandex/gixy/blob/master/docs/en/plugins/aliastraversal.md diff --git a/modules/services/monitoring/grafana.nix b/modules/services/monitoring/grafana.nix index 9b75fc3..28e86f6 100644 --- a/modules/services/monitoring/grafana.nix +++ b/modules/services/monitoring/grafana.nix @@ -46,15 +46,15 @@ in services.nginx.virtualHosts."${cfg.vhostName}" = { forceSSL = true; - useACMEHost = cfg.vhostName; + useACMEHost = config.homelab.domain; listen = [ { - addr = "100.85.232.66"; + addr = "192.168.6.40"; port = 443; ssl = true; } { - addr = "100.85.232.66"; + addr = "192.168.6.40"; port = 80; ssl = false; } @@ -67,11 +67,6 @@ in }; }; - security.acme.certs."${cfg.vhostName}" = { - dnsProvider = "gcloud"; - credentialsFile = secrets."acme/credentials".path; - }; - my.services.backup = { paths = [ "/var/lib/grafana" ]; exclude = [ diff --git a/modules/services/navidrome/default.nix b/modules/services/navidrome/default.nix index 1e3b6e7..1c8243a 100644 --- a/modules/services/navidrome/default.nix +++ b/modules/services/navidrome/default.nix @@ -21,20 +21,22 @@ in config = lib.mkIf cfg.enable { services.navidrome = { enable = true; - settings = { MusicFolder = cfg.musicFolder; }; + settings = { + MusicFolder = cfg.musicFolder; + }; }; services.nginx.virtualHosts."${cfg.vhostName}" = { forceSSL = true; - useACMEHost = cfg.vhostName; + useACMEHost = config.homelab.domain; listen = [ { - addr = "100.85.232.66"; + addr = "192.168.6.40"; port = 443; ssl = true; } { - addr = "100.85.232.66"; + addr = "192.168.6.40"; port = 80; ssl = false; } @@ -45,11 +47,6 @@ in }; }; - security.acme.certs."${cfg.vhostName}" = { - dnsProvider = "gcloud"; - credentialsFile = secrets."acme/credentials".path; - }; - my.services.backup = { paths = [ "/var/lib/navidrome" ]; exclude = [ "/var/lib/navidrome/cache/" ]; diff --git a/modules/services/nginx/default.nix b/modules/services/nginx/default.nix index f745b9b..ec71ba2 100644 --- a/modules/services/nginx/default.nix +++ b/modules/services/nginx/default.nix @@ -18,11 +18,6 @@ in # Nginx needs to be able to read the certificates users.users.nginx.extraGroups = [ "acme" ]; - security.acme = { - defaults.email = "franck@fcuny.net"; - acceptTerms = true; - }; - services.prometheus = { exporters.nginx = { enable = true; diff --git a/modules/services/transmission/default.nix b/modules/services/transmission/default.nix index 824f7a5..43c4675 100644 --- a/modules/services/transmission/default.nix +++ b/modules/services/transmission/default.nix @@ -35,15 +35,15 @@ in services.nginx.virtualHosts."${cfg.vhostName}" = { forceSSL = true; - useACMEHost = cfg.vhostName; + useACMEHost = config.homelab.domain; listen = [ { - addr = "100.85.232.66"; + addr = "192.168.6.40"; port = 443; ssl = true; } { - addr = "100.85.232.66"; + addr = "192.168.6.40"; port = 80; ssl = false; } @@ -54,11 +54,6 @@ in }; }; - security.acme.certs."${cfg.vhostName}" = { - dnsProvider = "gcloud"; - credentialsFile = secrets."acme/credentials".path; - }; - networking.firewall = { allowedTCPPorts = [ 52213 ]; allowedUDPPorts = [ 52213 ]; |