all repos — nixfiles @ 87a16370845e18e984d302b918af7be05e5a817f

System and user configuration, managed by nix and home-manager

linde: let caddy manage most certificates

Alan Pearce
commit

87a16370845e18e984d302b918af7be05e5a817f

parent

41430c3ad65902a9a46947afa4834e81292f4b49

1 file changed, 0 insertions(+), 15 deletions(-)

jump to
M system/linde.nixsystem/linde.nix
@@ -478,9 +478,6 @@ reloadServices = [ "caddy" ];
       validMinDays = 32;
     };
     acceptTerms = true;
-    certs."alanpearce.eu" = {
-      domain = "*.alanpearce.eu";
-    };
     certs."stats.alanpearce.eu" = {
       extraDomainNames = [ "*.stats.alanpearce.eu" ];
     };

@@ -496,9 +493,6 @@
   services.caddy = {
     enable = true;
     group = "caddy";
-    globalConfig = ''
-      auto_https disable_certs
-    '';
     virtualHosts =
       let
         inherit (import ../lib/caddy.nix { inherit lib; }) security-headers;

@@ -509,14 +503,12 @@ # Needed for HTTP->HTTPS servers
         };
         "${hostname}.alanpearce.eu" = {
           serverAliases = [ "https://" ];
-          useACMEHost = "alanpearce.eu";
           extraConfig = ''
             respond * 204
             ${security-headers {}}
           '';
         };
         "pdns.alanpearce.eu" = {
-          useACMEHost = "alanpearce.eu";
           extraConfig = ''
             log {
               output discard

@@ -525,7 +517,6 @@ reverse_proxy 127.0.0.1:8081
           '';
         };
         "id.alanpearce.eu" = {
-          useACMEHost = "alanpearce.eu";
           extraConfig = ''
             encode zstd gzip
             ${security-headers {}}

@@ -533,7 +524,6 @@ reverse_proxy http://${config.services.dex.settings.web.http}
           '';
         };
         "files.alanpearce.eu" = {
-          useACMEHost = "alanpearce.eu";
           extraConfig = ''
             encode zstd gzip
             ${security-headers {}}

@@ -542,7 +532,6 @@ file_server browse
           '';
         };
         "ntfy.alanpearce.eu" = {
-          useACMEHost = "alanpearce.eu";
           extraConfig = ''
             encode zstd gzip
             ${security-headers {}}

@@ -553,7 +542,6 @@ }
           '';
         };
         "searchix.alanpearce.eu" = {
-          useACMEHost = "alanpearce.eu";
           extraConfig = ''
             root ${pkgs.searchix}/lib/searchix
             handle /static/* {

@@ -588,7 +576,6 @@ let
             ns = config.services.nix-serve;
           in
           {
-            useACMEHost = "alanpearce.eu";
             extraConfig = ''
               reverse_proxy ${ns.bindAddress}:${toString ns.port}
             '';

@@ -598,7 +585,6 @@ let
             srv = config.services.laminar;
           in
           {
-            useACMEHost = "alanpearce.eu";
             extraConfig = ''
               reverse_proxy ${srv.settings.bindHTTP}
               handle_path /archive/* {

@@ -619,7 +605,6 @@ reverse_proxy ${srv.address}:${toString srv.port}
             '';
           };
         "go.alanpearce.eu" = {
-          useACMEHost = "alanpearce.eu";
           extraConfig = ''
             encode zstd gzip
             ${security-headers {}}