forked from M-Labs/it-infra
nixbld: remove obsolete ACME workaround
This commit is contained in:
parent
328a85c504
commit
048863593a
|
@ -543,29 +543,7 @@ in
|
||||||
|
|
||||||
security.acme.acceptTerms = true;
|
security.acme.acceptTerms = true;
|
||||||
security.acme.defaults.email = "sb" + "@m-labs.hk";
|
security.acme.defaults.email = "sb" + "@m-labs.hk";
|
||||||
security.acme.certs = {
|
|
||||||
"nixbld.m-labs.hk" = {
|
|
||||||
group = "nginx";
|
|
||||||
webroot = "/var/lib/acme/acme-challenge";
|
|
||||||
extraDomainNames = [
|
|
||||||
"m-labs.hk"
|
|
||||||
"www.m-labs.hk"
|
|
||||||
"conda.m-labs.hk"
|
|
||||||
"lab.m-labs.hk"
|
|
||||||
"git.m-labs.hk"
|
|
||||||
"chat.m-labs.hk"
|
|
||||||
"hooks.m-labs.hk"
|
|
||||||
"forum.m-labs.hk"
|
|
||||||
"perso.m-labs.hk"
|
|
||||||
"call.m-labs.hk"
|
|
||||||
"rt.m-labs.hk"
|
|
||||||
"nmigen.org"
|
|
||||||
"www.nmigen.org"
|
|
||||||
"m-labs.science"
|
|
||||||
"www.m-labs.science"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
# https://github.com/NixOS/nixpkgs/issues/106862
|
# https://github.com/NixOS/nixpkgs/issues/106862
|
||||||
systemd.services."acme-fixperms".wants = [ "bind.service" "dnsmasq.service" ];
|
systemd.services."acme-fixperms".wants = [ "bind.service" "dnsmasq.service" ];
|
||||||
systemd.services."acme-fixperms".after = [ "bind.service" "dnsmasq.service" ];
|
systemd.services."acme-fixperms".after = [ "bind.service" "dnsmasq.service" ];
|
||||||
|
@ -576,7 +554,7 @@ in
|
||||||
virtualHosts = let
|
virtualHosts = let
|
||||||
mainWebsite = {
|
mainWebsite = {
|
||||||
addSSL = true;
|
addSSL = true;
|
||||||
useACMEHost = "nixbld.m-labs.hk";
|
enableACME = true;
|
||||||
root = "${hydraWwwOutputs}/web";
|
root = "${hydraWwwOutputs}/web";
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
error_page 404 /404.html;
|
error_page 404 /404.html;
|
||||||
|
@ -655,7 +633,7 @@ in
|
||||||
"www.m-labs.science" = mainWebsite;
|
"www.m-labs.science" = mainWebsite;
|
||||||
"lab.m-labs.hk" = {
|
"lab.m-labs.hk" = {
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
useACMEHost = "nixbld.m-labs.hk";
|
enableACME = true;
|
||||||
locations."/munin/".alias = "/var/www/munin/";
|
locations."/munin/".alias = "/var/www/munin/";
|
||||||
locations."/munin".extraConfig = ''
|
locations."/munin".extraConfig = ''
|
||||||
auth_basic "Munin";
|
auth_basic "Munin";
|
||||||
|
@ -670,12 +648,12 @@ in
|
||||||
};
|
};
|
||||||
"nixbld.m-labs.hk" = {
|
"nixbld.m-labs.hk" = {
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
useACMEHost = "nixbld.m-labs.hk";
|
enableACME = true;
|
||||||
locations."/".proxyPass = "http://127.0.0.1:3000";
|
locations."/".proxyPass = "http://127.0.0.1:3000";
|
||||||
};
|
};
|
||||||
"conda.m-labs.hk" = {
|
"conda.m-labs.hk" = {
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
useACMEHost = "nixbld.m-labs.hk";
|
enableACME = true;
|
||||||
locations."/artiq-beta/" = {
|
locations."/artiq-beta/" = {
|
||||||
alias = "${hydraWwwOutputs}/artiq-conda-channel-beta/";
|
alias = "${hydraWwwOutputs}/artiq-conda-channel-beta/";
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
|
@ -707,7 +685,7 @@ in
|
||||||
};
|
};
|
||||||
"git.m-labs.hk" = {
|
"git.m-labs.hk" = {
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
useACMEHost = "nixbld.m-labs.hk";
|
enableACME = true;
|
||||||
locations."/".proxyPass = "http://127.0.0.1:3001";
|
locations."/".proxyPass = "http://127.0.0.1:3001";
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
client_max_body_size 300M;
|
client_max_body_size 300M;
|
||||||
|
@ -715,14 +693,14 @@ in
|
||||||
};
|
};
|
||||||
"chat.m-labs.hk" = {
|
"chat.m-labs.hk" = {
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
useACMEHost = "nixbld.m-labs.hk";
|
enableACME = true;
|
||||||
locations."/".proxyPass = "http://127.0.0.1:8065";
|
locations."/".proxyPass = "http://127.0.0.1:8065";
|
||||||
locations."~ /api/v[0-9]+/(users/)?websocket$".proxyPass = "http://127.0.0.1:8065";
|
locations."~ /api/v[0-9]+/(users/)?websocket$".proxyPass = "http://127.0.0.1:8065";
|
||||||
locations."~ /api/v[0-9]+/(users/)?websocket$".proxyWebsockets = true;
|
locations."~ /api/v[0-9]+/(users/)?websocket$".proxyWebsockets = true;
|
||||||
};
|
};
|
||||||
"hooks.m-labs.hk" = {
|
"hooks.m-labs.hk" = {
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
useACMEHost = "nixbld.m-labs.hk";
|
enableACME = true;
|
||||||
locations."/mattermost-github".extraConfig = ''
|
locations."/mattermost-github".extraConfig = ''
|
||||||
include ${pkgs.nginx}/conf/uwsgi_params;
|
include ${pkgs.nginx}/conf/uwsgi_params;
|
||||||
uwsgi_pass unix:${config.services.uwsgi.runDir}/uwsgi-mgi.sock;
|
uwsgi_pass unix:${config.services.uwsgi.runDir}/uwsgi-mgi.sock;
|
||||||
|
@ -734,7 +712,7 @@ in
|
||||||
};
|
};
|
||||||
"forum.m-labs.hk" = {
|
"forum.m-labs.hk" = {
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
useACMEHost = "nixbld.m-labs.hk";
|
enableACME = true;
|
||||||
root = "/var/www/flarum/public";
|
root = "/var/www/flarum/public";
|
||||||
locations."~ \.php$".extraConfig = ''
|
locations."~ \.php$".extraConfig = ''
|
||||||
fastcgi_pass unix:${config.services.phpfpm.pools.flarum.socket};
|
fastcgi_pass unix:${config.services.phpfpm.pools.flarum.socket};
|
||||||
|
@ -746,18 +724,17 @@ in
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
"call.m-labs.hk" = {
|
"call.m-labs.hk" = {
|
||||||
useACMEHost = "nixbld.m-labs.hk";
|
|
||||||
enableACME = false;
|
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
|
enableACME = true;
|
||||||
};
|
};
|
||||||
"perso.m-labs.hk" = {
|
"perso.m-labs.hk" = {
|
||||||
addSSL = true;
|
addSSL = true;
|
||||||
useACMEHost = "nixbld.m-labs.hk";
|
enableACME = true;
|
||||||
root = "/var/www/perso";
|
root = "/var/www/perso";
|
||||||
};
|
};
|
||||||
"rt.m-labs.hk" = {
|
"rt.m-labs.hk" = {
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
useACMEHost = "nixbld.m-labs.hk";
|
enableACME = true;
|
||||||
locations."/" = {
|
locations."/" = {
|
||||||
proxyPass = "http://127.0.0.1:4201";
|
proxyPass = "http://127.0.0.1:4201";
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
|
@ -779,14 +756,14 @@ in
|
||||||
};
|
};
|
||||||
"nmigen.org" = {
|
"nmigen.org" = {
|
||||||
addSSL = true;
|
addSSL = true;
|
||||||
useACMEHost = "nixbld.m-labs.hk";
|
enableACME = true;
|
||||||
locations."/".extraConfig = ''
|
locations."/".extraConfig = ''
|
||||||
return 307 https://m-labs.hk/gateware/nmigen/;
|
return 307 https://m-labs.hk/gateware/nmigen/;
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
"www.nmigen.org" = {
|
"www.nmigen.org" = {
|
||||||
addSSL = true;
|
addSSL = true;
|
||||||
useACMEHost = "nixbld.m-labs.hk";
|
enableACME = true;
|
||||||
locations."/".extraConfig = ''
|
locations."/".extraConfig = ''
|
||||||
return 307 https://m-labs.hk/gateware/nmigen/;
|
return 307 https://m-labs.hk/gateware/nmigen/;
|
||||||
'';
|
'';
|
||||||
|
|
Loading…
Reference in New Issue