about summary refs log tree commit diff
path: root/modules
diff options
context:
space:
mode:
Diffstat (limited to 'modules')
-rw-r--r--modules/services/cgit/default.nix12
-rw-r--r--modules/services/monitoring/grafana.nix11
-rw-r--r--modules/services/navidrome/default.nix15
-rw-r--r--modules/services/nginx/default.nix5
-rw-r--r--modules/services/transmission/default.nix11
5 files changed, 24 insertions, 30 deletions
diff --git a/modules/services/cgit/default.nix b/modules/services/cgit/default.nix
index 5108e42..e00790c 100644
--- a/modules/services/cgit/default.nix
+++ b/modules/services/cgit/default.nix
@@ -76,6 +76,18 @@ in
       default = true;
       forceSSL = true;
       enableACME = true;
+      listen = [
+        {
+          addr = "192.168.6.40";
+          port = 443;
+          ssl = true;
+        }
+        {
+          addr = "192.168.6.40";
+          port = 80;
+          ssl = false;
+        }
+      ];
       locations = {
         "~* ^.+.(css|png|ico)$" = { root = "${pkgs.cgit}/cgit"; };
         # as per https://github.com/yandex/gixy/blob/master/docs/en/plugins/aliastraversal.md
diff --git a/modules/services/monitoring/grafana.nix b/modules/services/monitoring/grafana.nix
index 9b75fc3..28e86f6 100644
--- a/modules/services/monitoring/grafana.nix
+++ b/modules/services/monitoring/grafana.nix
@@ -46,15 +46,15 @@ in
 
     services.nginx.virtualHosts."${cfg.vhostName}" = {
       forceSSL = true;
-      useACMEHost = cfg.vhostName;
+      useACMEHost = config.homelab.domain;
       listen = [
         {
-          addr = "100.85.232.66";
+          addr = "192.168.6.40";
           port = 443;
           ssl = true;
         }
         {
-          addr = "100.85.232.66";
+          addr = "192.168.6.40";
           port = 80;
           ssl = false;
         }
@@ -67,11 +67,6 @@ in
       };
     };
 
-    security.acme.certs."${cfg.vhostName}" = {
-      dnsProvider = "gcloud";
-      credentialsFile = secrets."acme/credentials".path;
-    };
-
     my.services.backup = {
       paths = [ "/var/lib/grafana" ];
       exclude = [
diff --git a/modules/services/navidrome/default.nix b/modules/services/navidrome/default.nix
index 1e3b6e7..1c8243a 100644
--- a/modules/services/navidrome/default.nix
+++ b/modules/services/navidrome/default.nix
@@ -21,20 +21,22 @@ in
   config = lib.mkIf cfg.enable {
     services.navidrome = {
       enable = true;
-      settings = { MusicFolder = cfg.musicFolder; };
+      settings = {
+        MusicFolder = cfg.musicFolder;
+      };
     };
 
     services.nginx.virtualHosts."${cfg.vhostName}" = {
       forceSSL = true;
-      useACMEHost = cfg.vhostName;
+      useACMEHost = config.homelab.domain;
       listen = [
         {
-          addr = "100.85.232.66";
+          addr = "192.168.6.40";
           port = 443;
           ssl = true;
         }
         {
-          addr = "100.85.232.66";
+          addr = "192.168.6.40";
           port = 80;
           ssl = false;
         }
@@ -45,11 +47,6 @@ in
       };
     };
 
-    security.acme.certs."${cfg.vhostName}" = {
-      dnsProvider = "gcloud";
-      credentialsFile = secrets."acme/credentials".path;
-    };
-
     my.services.backup = {
       paths = [ "/var/lib/navidrome" ];
       exclude = [ "/var/lib/navidrome/cache/" ];
diff --git a/modules/services/nginx/default.nix b/modules/services/nginx/default.nix
index f745b9b..ec71ba2 100644
--- a/modules/services/nginx/default.nix
+++ b/modules/services/nginx/default.nix
@@ -18,11 +18,6 @@ in
     # Nginx needs to be able to read the certificates
     users.users.nginx.extraGroups = [ "acme" ];
 
-    security.acme = {
-      defaults.email = "franck@fcuny.net";
-      acceptTerms = true;
-    };
-
     services.prometheus = {
       exporters.nginx = {
         enable = true;
diff --git a/modules/services/transmission/default.nix b/modules/services/transmission/default.nix
index 824f7a5..43c4675 100644
--- a/modules/services/transmission/default.nix
+++ b/modules/services/transmission/default.nix
@@ -35,15 +35,15 @@ in
 
     services.nginx.virtualHosts."${cfg.vhostName}" = {
       forceSSL = true;
-      useACMEHost = cfg.vhostName;
+      useACMEHost = config.homelab.domain;
       listen = [
         {
-          addr = "100.85.232.66";
+          addr = "192.168.6.40";
           port = 443;
           ssl = true;
         }
         {
-          addr = "100.85.232.66";
+          addr = "192.168.6.40";
           port = 80;
           ssl = false;
         }
@@ -54,11 +54,6 @@ in
       };
     };
 
-    security.acme.certs."${cfg.vhostName}" = {
-      dnsProvider = "gcloud";
-      credentialsFile = secrets."acme/credentials".path;
-    };
-
     networking.firewall = {
       allowedTCPPorts = [ 52213 ];
       allowedUDPPorts = [ 52213 ];