about summary refs log tree commit diff
path: root/ops/nixos/camden
diff options
context:
space:
mode:
Diffstat (limited to 'ops/nixos/camden')
-rw-r--r--ops/nixos/camden/default.nix17
1 files changed, 13 insertions, 4 deletions
diff --git a/ops/nixos/camden/default.nix b/ops/nixos/camden/default.nix
index 9cecbcdccf0e..e3bf8003ced6 100644
--- a/ops/nixos/camden/default.nix
+++ b/ops/nixos/camden/default.nix
@@ -143,14 +143,23 @@ in pkgs.lib.fix(self: {
     };
   };
 
+  # Provision a TLS certificate outside of nginx to avoid
+  # nixpkgs#38144
+  security.acme.certs."camden.tazj.in" = {
+    user = "nginx";
+    group = "nginx";
+    webroot = "/var/lib/acme/acme-challenge";
+    postRun = "systemctl reload nginx";
+  };
+
   # serve my website
   services.nginx = {
     enable = true;
     enableReload = true;
 
-    # recommendedTlsSettings = true;
-    # recommendedGzipSettings = true;
-    # recommendedProxySettings = true;
+    recommendedTlsSettings = true;
+    recommendedGzipSettings = true;
+    recommendedProxySettings = true;
 
     commonHttpConfig = ''
       log_format json_combined escape=json
@@ -172,7 +181,7 @@ in pkgs.lib.fix(self: {
     virtualHosts.homepage = {
       serverName = "camden.tazj.in"; # TODO(tazjin): change to actual host later
       default = true;
-      enableACME = true;
+      useACMEHost = "camden.tazj.in";
       root = pkgs.web.homepage;
       addSSL = true;
generated by cgit-pink 1.4.1 (git 2.44.2) at 2024-11-01T07ยท42+0000