forked from M-Labs/it-infra
nixbld: remove obsolete ACME workaround
This commit is contained in:
parent
328a85c504
commit
048863593a
|
@ -543,29 +543,7 @@ in
|
|||
|
||||
security.acme.acceptTerms = true;
|
||||
security.acme.defaults.email = "sb" + "@m-labs.hk";
|
||||
security.acme.certs = {
|
||||
"nixbld.m-labs.hk" = {
|
||||
group = "nginx";
|
||||
webroot = "/var/lib/acme/acme-challenge";
|
||||
extraDomainNames = [
|
||||
"m-labs.hk"
|
||||
"www.m-labs.hk"
|
||||
"conda.m-labs.hk"
|
||||
"lab.m-labs.hk"
|
||||
"git.m-labs.hk"
|
||||
"chat.m-labs.hk"
|
||||
"hooks.m-labs.hk"
|
||||
"forum.m-labs.hk"
|
||||
"perso.m-labs.hk"
|
||||
"call.m-labs.hk"
|
||||
"rt.m-labs.hk"
|
||||
"nmigen.org"
|
||||
"www.nmigen.org"
|
||||
"m-labs.science"
|
||||
"www.m-labs.science"
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
# https://github.com/NixOS/nixpkgs/issues/106862
|
||||
systemd.services."acme-fixperms".wants = [ "bind.service" "dnsmasq.service" ];
|
||||
systemd.services."acme-fixperms".after = [ "bind.service" "dnsmasq.service" ];
|
||||
|
@ -576,7 +554,7 @@ in
|
|||
virtualHosts = let
|
||||
mainWebsite = {
|
||||
addSSL = true;
|
||||
useACMEHost = "nixbld.m-labs.hk";
|
||||
enableACME = true;
|
||||
root = "${hydraWwwOutputs}/web";
|
||||
extraConfig = ''
|
||||
error_page 404 /404.html;
|
||||
|
@ -655,7 +633,7 @@ in
|
|||
"www.m-labs.science" = mainWebsite;
|
||||
"lab.m-labs.hk" = {
|
||||
forceSSL = true;
|
||||
useACMEHost = "nixbld.m-labs.hk";
|
||||
enableACME = true;
|
||||
locations."/munin/".alias = "/var/www/munin/";
|
||||
locations."/munin".extraConfig = ''
|
||||
auth_basic "Munin";
|
||||
|
@ -670,12 +648,12 @@ in
|
|||
};
|
||||
"nixbld.m-labs.hk" = {
|
||||
forceSSL = true;
|
||||
useACMEHost = "nixbld.m-labs.hk";
|
||||
enableACME = true;
|
||||
locations."/".proxyPass = "http://127.0.0.1:3000";
|
||||
};
|
||||
"conda.m-labs.hk" = {
|
||||
forceSSL = true;
|
||||
useACMEHost = "nixbld.m-labs.hk";
|
||||
enableACME = true;
|
||||
locations."/artiq-beta/" = {
|
||||
alias = "${hydraWwwOutputs}/artiq-conda-channel-beta/";
|
||||
extraConfig = ''
|
||||
|
@ -707,7 +685,7 @@ in
|
|||
};
|
||||
"git.m-labs.hk" = {
|
||||
forceSSL = true;
|
||||
useACMEHost = "nixbld.m-labs.hk";
|
||||
enableACME = true;
|
||||
locations."/".proxyPass = "http://127.0.0.1:3001";
|
||||
extraConfig = ''
|
||||
client_max_body_size 300M;
|
||||
|
@ -715,14 +693,14 @@ in
|
|||
};
|
||||
"chat.m-labs.hk" = {
|
||||
forceSSL = true;
|
||||
useACMEHost = "nixbld.m-labs.hk";
|
||||
enableACME = true;
|
||||
locations."/".proxyPass = "http://127.0.0.1:8065";
|
||||
locations."~ /api/v[0-9]+/(users/)?websocket$".proxyPass = "http://127.0.0.1:8065";
|
||||
locations."~ /api/v[0-9]+/(users/)?websocket$".proxyWebsockets = true;
|
||||
};
|
||||
"hooks.m-labs.hk" = {
|
||||
forceSSL = true;
|
||||
useACMEHost = "nixbld.m-labs.hk";
|
||||
enableACME = true;
|
||||
locations."/mattermost-github".extraConfig = ''
|
||||
include ${pkgs.nginx}/conf/uwsgi_params;
|
||||
uwsgi_pass unix:${config.services.uwsgi.runDir}/uwsgi-mgi.sock;
|
||||
|
@ -734,7 +712,7 @@ in
|
|||
};
|
||||
"forum.m-labs.hk" = {
|
||||
forceSSL = true;
|
||||
useACMEHost = "nixbld.m-labs.hk";
|
||||
enableACME = true;
|
||||
root = "/var/www/flarum/public";
|
||||
locations."~ \.php$".extraConfig = ''
|
||||
fastcgi_pass unix:${config.services.phpfpm.pools.flarum.socket};
|
||||
|
@ -746,18 +724,17 @@ in
|
|||
'';
|
||||
};
|
||||
"call.m-labs.hk" = {
|
||||
useACMEHost = "nixbld.m-labs.hk";
|
||||
enableACME = false;
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
};
|
||||
"perso.m-labs.hk" = {
|
||||
addSSL = true;
|
||||
useACMEHost = "nixbld.m-labs.hk";
|
||||
enableACME = true;
|
||||
root = "/var/www/perso";
|
||||
};
|
||||
"rt.m-labs.hk" = {
|
||||
forceSSL = true;
|
||||
useACMEHost = "nixbld.m-labs.hk";
|
||||
enableACME = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:4201";
|
||||
extraConfig = ''
|
||||
|
@ -779,14 +756,14 @@ in
|
|||
};
|
||||
"nmigen.org" = {
|
||||
addSSL = true;
|
||||
useACMEHost = "nixbld.m-labs.hk";
|
||||
enableACME = true;
|
||||
locations."/".extraConfig = ''
|
||||
return 307 https://m-labs.hk/gateware/nmigen/;
|
||||
'';
|
||||
};
|
||||
"www.nmigen.org" = {
|
||||
addSSL = true;
|
||||
useACMEHost = "nixbld.m-labs.hk";
|
||||
enableACME = true;
|
||||
locations."/".extraConfig = ''
|
||||
return 307 https://m-labs.hk/gateware/nmigen/;
|
||||
'';
|
||||
|
|
Loading…
Reference in New Issue