irc.jakstys.lt: configure tls

This commit is contained in:
Motiejus Jakštys 2024-02-12 16:01:29 +02:00
parent cf870d4e43
commit 4df83c8670

View File

@ -301,6 +301,7 @@
"irc.jakstys.lt".extraConfig = '' "irc.jakstys.lt".extraConfig = ''
@denied not remote_ip ${myData.subnets.tailscale.cidr} @denied not remote_ip ${myData.subnets.tailscale.cidr}
abort @denied abort @denied
tls {$CREDENTIALS_DIRECTORY}/irc.jakstys.lt-cert.pem {$CREDENTIALS_DIRECTORY}/irc.jakstys.lt-key.pem
root * ${pkgs.gamja} root * ${pkgs.gamja}
file_server browse { file_server browse {
@ -575,11 +576,14 @@
systemd.services = { systemd.services = {
caddy = let caddy = let
irc = config.mj.services.nsd-acme.zones."irc.jakstys.lt";
hass = config.mj.services.nsd-acme.zones."hass.jakstys.lt"; hass = config.mj.services.nsd-acme.zones."hass.jakstys.lt";
grafana = config.mj.services.nsd-acme.zones."grafana.jakstys.lt"; grafana = config.mj.services.nsd-acme.zones."grafana.jakstys.lt";
bitwarden = config.mj.services.nsd-acme.zones."bitwarden.jakstys.lt"; bitwarden = config.mj.services.nsd-acme.zones."bitwarden.jakstys.lt";
in { in {
serviceConfig.LoadCredential = [ serviceConfig.LoadCredential = [
"irc.jakstys.lt-cert.pem:${irc.certFile}"
"irc.jakstys.lt-key.pem:${irc.keyFile}"
"hass.jakstys.lt-cert.pem:${hass.certFile}" "hass.jakstys.lt-cert.pem:${hass.certFile}"
"hass.jakstys.lt-key.pem:${hass.keyFile}" "hass.jakstys.lt-key.pem:${hass.keyFile}"
"grafana.jakstys.lt-cert.pem:${grafana.certFile}" "grafana.jakstys.lt-cert.pem:${grafana.certFile}"
@ -588,11 +592,13 @@
"bitwarden.jakstys.lt-key.pem:${bitwarden.keyFile}" "bitwarden.jakstys.lt-key.pem:${bitwarden.keyFile}"
]; ];
after = [ after = [
"nsd-acme-irc.jakstys.lt.service"
"nsd-acme-hass.jakstys.lt.service" "nsd-acme-hass.jakstys.lt.service"
"nsd-acme-grafana.jakstys.lt.service" "nsd-acme-grafana.jakstys.lt.service"
"nsd-acme-bitwarden.jakstys.lt.service" "nsd-acme-bitwarden.jakstys.lt.service"
]; ];
requires = [ requires = [
"nsd-acme-irc.jakstys.lt.service"
"nsd-acme-hass.jakstys.lt.service" "nsd-acme-hass.jakstys.lt.service"
"nsd-acme-grafana.jakstys.lt.service" "nsd-acme-grafana.jakstys.lt.service"
"nsd-acme-bitwarden.jakstys.lt.service" "nsd-acme-bitwarden.jakstys.lt.service"
@ -672,6 +678,7 @@
wantedBy = ["multi-user.target"]; wantedBy = ["multi-user.target"];
pathConfig = { pathConfig = {
PathChanged = [ PathChanged = [
config.mj.services.nsd-acme.zones."irc.jakstys.lt".certFile
config.mj.services.nsd-acme.zones."hass.jakstys.lt".certFile config.mj.services.nsd-acme.zones."hass.jakstys.lt".certFile
config.mj.services.nsd-acme.zones."grafana.jakstys.lt".certFile config.mj.services.nsd-acme.zones."grafana.jakstys.lt".certFile
config.mj.services.nsd-acme.zones."bitwarden.jakstys.lt".certFile config.mj.services.nsd-acme.zones."bitwarden.jakstys.lt".certFile