JF: Fixed acme

2024-02-26 20:30:22 +01:00
parent c20ed40d60
commit 5bb8d16cb8
1 changed files with 43 additions and 38 deletions
@@ -133,51 +133,56 @@ in {
        openTcpPorts = [80 443];
      };
-      services.nginx = mkIf (cfg.expose.https.enable || cfg.vpn.enable) {
+      services.nginx = mkMerge [
-        enable = true;
+        (mkIf (cfg.expose.https.enable || cfg.vpn.enable) {
          enable = true;
-        recommendedTlsSettings = true;
+          recommendedTlsSettings = true;
-        recommendedOptimisation = true;
+          recommendedOptimisation = true;
-        recommendedGzipSettings = true;
+          recommendedGzipSettings = true;
-
+        })
-        virtualHosts."${builtins.replaceStrings ["\n"] [""] cfg.expose.https.domainName}" = mkIf cfg.expose.https.enable {
+        (mkIf cfg.expose.https.enable {
-          enableACME = true;
+          virtualHosts."${builtins.replaceStrings ["\n"] [""] cfg.expose.https.domainName}" = {
-          forceSSL = true;
+            enableACME = true;
-          locations."/" = {
+            forceSSL = true;
-            recommendedProxySettings = true;
+            locations."/" = {
-            proxyWebsockets = true;
+              recommendedProxySettings = true;
-            proxyPass = "http://127.0.0.1:${builtins.toString defaultPort}";
+              proxyWebsockets = true;
              proxyPass = "http://127.0.0.1:${builtins.toString defaultPort}";
            };
          };
-        };
+        })
-
+        (mkIf cfg.vpn.enable {
-        virtualHosts."127.0.0.1:${builtins.toString defaultPort}" = mkIf cfg.vpn.enable {
+          virtualHosts."127.0.0.1:${builtins.toString defaultPort}" = mkIf cfg.vpn.enable {
-          listen = [
+            listen = [
-            {
+              {
-              addr = "0.0.0.0";
+                addr = "0.0.0.0";
-              port = defaultPort;
+                port = defaultPort;
-            }
+              }
-          ];
+            ];
-          locations."/" = {
+            locations."/" = {
-            recommendedProxySettings = true;
+              recommendedProxySettings = true;
-            proxyWebsockets = true;
+              proxyWebsockets = true;
-            proxyPass = "http://192.168.15.1:${builtins.toString defaultPort}";
+              proxyPass = "http://192.168.15.1:${builtins.toString defaultPort}";
            };
          };
-        };
+        })
-      } // mkIf cfg.expose.vpn.enable {
+        (mkIf cfg.expose.vpn.enable {
-        virtualHosts."${cfg.expose.vpn.accessibleFrom}:${builtins.toString cfg.expose.vpn.port}" = {
+          virtualHosts."${cfg.expose.vpn.accessibleFrom}:${builtins.toString cfg.expose.vpn.port}" = {
-          enableACME = true;
+            enableACME = true;
-          forceSSL = true;
+            forceSSL = true;
-          locations."/" = {
+            locations."/" = {
-            recommendedProxySettings = true;
+              recommendedProxySettings = true;
-            proxyWebsockets = true;
+              proxyWebsockets = true;
-            proxyPass = "http://192.168.15.1:${builtins.toString defaultPort}";
+              proxyPass = "http://192.168.15.1:${builtins.toString defaultPort}";
            };
          };
-        };
+        })
-      };
+      ];
      security.acme = mkIf cfg.expose.https.enable {
        acceptTerms = true;
-        defaults.email = cfg.expose.acmeMail;
+        defaults.email = cfg.expose.https.acmeMail;
      };
      util-nixarr.vpnnamespace.portMappings = [