modules (nextcloud): Enable HTTPS via dns challenge
britter committed Jun 28, 2024
1 parent 500dc6a commit 6fcbdb6
Showing 2 changed files with 26 additions and 2 deletions.
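--- a/modules/nixos/nextcloud/default.nix
+++ b/modules/nixos/nextcloud/default.nix
@@ -33,6 +33,29 @@ in {
 extraAppsEnable = true;
 };
 
+services.nginx.virtualHosts."nextcloud.ritter.family" = {
+useACMEHost = "nextcloud.ritter.family";
+forceSSL = true;
+};
+
+users.users.nginx.extraGroups = ["acme"];
+
+sops.secrets.acme-cloudflare-dns-api-token = {};
+sops.templates."acme-cloudflare-dns-api-token.env".content = ''
+CLOUDFLARE_DNS_API_TOKEN=${config.sops.placeholder.acme-cloudflare-dns-api-token}
+'';
+
+security.acme = {
+acceptTerms = true;
+defaults.email = "[email protected]";
+
+certs."nextcloud.ritter.family" = {
+dnsProvider = "cloudflare";
+dnsPropagationCheck = true;
+credentialsFile = config.sops.templates."acme-cloudflare-dns-api-token.env".path;
+};
+};
+
 networking = {
 firewall = {
 allowedTCPPorts = [80 443];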
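Review bot: The Cloudflare token reaches the ACME client as an environment variable through the rendered `acme-cloudflare-dns-api-token.env` template, wired in with `credentialsFile`, which recent nixpkgs releases keep only as a deprecated alias of `environmentFile` (the pinned nixpkgs revision is not visible here, so confirm). The ACME module also offers `credentialFiles`, which hands the secret to the unit as a systemd credential and makes the `sops.templates` entry unnecessary: `credentialFiles."CLOUDFLARE_DNS_API_TOKEN_FILE" = config.sops.secrets.acme-cloudflare-dns-api-token.path;`. A one-line comment above `sops.secrets.acme-cloudflare-dns-api-token` recording the token's intended scope (presumably DNS edit on the single zone behind `nextcloud.ritter.family`) would help too, because a DNS-01 token that can edit other zones can be used to issue certificates for them. The enclosing attribute set starts and ends outside the hunk.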
5 changes: 3 additions & 2 deletions systems/x86_64-linux/cyberoffice/secrets.yaml
@@ -1,3 +1,4 @@
acme-cloudflare-dns-api-token: ENC[AES256_GCM,data:Rasop44i1UlEs6yMsyQwuCR077O1J3fpYtBIFYs/97I8eCWMeQVDVw==,iv:Uli5ekx40OWXvrbJe+NGGfRZQpCUFNlsTLrC5f0Gu9c=,tag:A0Vb2IsGOIMkK090CJcl3Q==,type:str]
nextcloud-admin-pass: ENC[AES256_GCM,data:cR0RbTQ2nO2ca5+n9MA3myM48xbkMzWLaIpCqFPk5eSlzrQT,iv:u3fpasNzKCsf+q8KjLrdYE8tZnHywM4SDzVyoc0sLdk=,tag:YIj3WW5SfHsFWqn4Hrl7Ow==,type:str]
sops:
kms: []
Expand All @@ -23,8 +24,8 @@ sops:
UlJpOFJjcW83R1Q1T09OeDNDbWlrSU0K+0SwyJTJmz6j7+DaCdEb9mUTS1o9HVfJ
VVIgAcnv7HkUVJ/tfK3RuoSb0Ajd9R4iwR7/61mod7bHAHfCU972Ig==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-06-18T14:25:48Z"
mac: ENC[AES256_GCM,data:lJAn1v/d4Qkgp73QpOuU8kHl05V5Z7TEQ6Fn0SeIfyIeJgSX5ZBll8bm+e0CKiBvEEl6HSO3Ly6bysrum/qzl9VPW78lEQabdNBJL/KW3GtCuPz84EJSLFFIAH2t3fLYIYyIrT4Xn4yBCmUoAcaIP+ji+BsIDCB1J2XZ3XOdi8w=,iv:wwGd0WyLXvTRM3o0Imn9k3Gl5HcBnwdF13TdamVB7UI=,tag:nBe8d53fpe8hTmQ1O9OTVQ==,type:str]
lastmodified: "2024-06-28T09:15:25Z"
mac: ENC[AES256_GCM,data:wNsYkgKyeqX07woez5j3syJGXgBpy+nxkEwyj6FrLvMrcaIFT5d9D/v2/LrzhE5Xh1wPCJkwuf42+eqzGkFMN2JVdkPTcNxUkHM2jH2TjSvC6uYUF/3l/SydvjnRS5oO/o9wYjUMRazVMggQdLJYJu5Ts9cVg8TFhRp61yAVu4w=,iv:4ukS9SMa9FS1HSPsfWKgVXGdvMWG+yBV8f1d4BRE4Gc=,tag:5nTTRFBHCQi2tvg0WQLprQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1
