commit bd991c84f6c80fdbdee0d5826a3eab6f195ab3a6
parent 1c12138bdb77e25059650cb7d14fcbd47bee8e6d
Author: William Casarin <jb55@jb55.com>
Date: Wed, 2 Mar 2022 14:42:40 -0800
misc
Signed-off-by: William Casarin <jb55@jb55.com>
Diffstat:
1 file changed, 14 insertions(+), 17 deletions(-)
diff --git a/nix-config/machines/charon/default.nix b/nix-config/machines/charon/default.nix
@@ -169,10 +169,11 @@ in
services.radicale.settings.rights.type = "from_file";
services.radicale.settings.rights.file = "${radicale-rights}";
+ security.acme.acceptTerms = true;
+
security.acme.certs."jb55.com" = {
webroot = "/var/www/challenges";
group = "jb55cert";
- allowKeysForGroup = true;
#postRun = "systemctl restart prosody";
email = myemail;
};
@@ -180,35 +181,30 @@ in
security.acme.certs."git.jb55.com" = {
webroot = "/var/www/challenges";
group = "jb55cert";
- allowKeysForGroup = true;
email = myemail;
};
security.acme.certs."openpgpkey.jb55.com" = {
webroot = "/var/www/challenges";
group = "jb55cert";
- allowKeysForGroup = true;
email = myemail;
};
security.acme.certs."social.jb55.com" = {
webroot = "/var/www/challenges";
group = "jb55cert";
- allowKeysForGroup = true;
email = myemail;
};
security.acme.certs."sheetzen.com" = {
webroot = "/var/www/challenges";
group = "jb55cert";
- allowKeysForGroup = true;
email = myemail;
};
security.acme.certs."bitcoinwizard.net" = {
webroot = "/var/www/challenges";
group = "jb55cert";
- allowKeysForGroup = true;
email = myemail;
};
@@ -227,11 +223,11 @@ in
sieves = builtins.readFile ./dovecot/filters.sieve;
};
- users.extraUsers.prosody.extraGroups = [ "jb55cert" ];
+ #users.extraUsers.prosody.extraGroups = [ "jb55cert" ];
users.extraUsers.smtpd.extraGroups = [ "jb55cert" ];
users.extraUsers.jb55.extraGroups = [ "jb55cert" ];
- services.prosody.enable = true;
+ services.prosody.enable = false;
services.prosody.admins = [ "jb55@jb55.com" ];
services.prosody.allowRegistration = false;
services.prosody.extraModules = xmpp_modules;
@@ -281,15 +277,6 @@ in
serviceConfig.ExecStart = "${npmrepo}/bin/npm-repo-proxy";
};
- systemd.services.gaufre = {
- description = "personal gopher proxy";
-
- wantedBy = [ "multi-user.target" ];
-
- serviceConfig.Type = "simple";
- serviceConfig.ExecStart = "${gaufre}/bin/gaufre 7070";
- };
-
services.fcgiwrap.enable = true;
services.nginx.httpConfig = ''
@@ -461,6 +448,16 @@ in
}
server {
+ listen 80;
+ listen [::]:80;
+ server_name lnlink.app;
+
+ location / {
+ root /www/lnlink.app;
+ }
+ }
+
+ server {
listen 443 ssl;
listen [::]:443 ssl;
server_name openpgpkey.jb55.com;
