acme: procure a cert for mx.uninsane.org

we can use this later to allow SMTPS
2022-05-07 03:24:39 +00:00
parent 93805c6602
commit b53ff4f174
3 changed files with 10 additions and 2 deletions


@@ -58,6 +58,8 @@
${iproute2}/bin/ip link set ovpns-veth-b netns ovpns ${iproute2}/bin/ip link set ovpns-veth-b netns ovpns
${iproute2}/bin/ip -n ovpns addr add 10.0.1.6/24 dev ovpns-veth-b ${iproute2}/bin/ip -n ovpns addr add 10.0.1.6/24 dev ovpns-veth-b
${iproute2}/bin/ip -n ovpns link set ovpns-veth-b up ${iproute2}/bin/ip -n ovpns link set ovpns-veth-b up
# forward HTTP traffic, which we need for letsencrypt to work
${iproute2}/bin/ip netns exec ovpns ${socat}/bin/socat TCP4-LISTEN:80,reuseaddr,fork,su=nobody TCP4:10.0.1.5:80 &
''; '';
ExecStop = with pkgs; writeScript "wg0veth-stop" '' ExecStop = with pkgs; writeScript "wg0veth-stop" ''
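Review bot: The socat forwarder added at the end of the start script is launched with `&`, and nothing visible here supervises or stops it, so if it exits the port-80 path that ACME validation depends on disappears silently and the failure only shows up when a renewal is due. The ExecStop script starts on the last line of this hunk and its body is outside it, so whether it terminates socat cannot be confirmed from here; depending on the unit's Type, systemd may also kill the background child once the start script returns. Consider running the forwarder as its own unit with `Restart=on-failure`, joined to the namespace (for example with `NetworkNamespacePath=`), so its lifetime and logs are tracked. The comment could also say more, e.g. `# forward port 80 from the ovpns namespace to 10.0.1.5 so ACME HTTP validation works; socat drops to nobody after binding`.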


@@ -182,11 +182,16 @@
}; };
}; };
# exists only to manage acme for dovecot # exists only to manage certs for dovecot
services.nginx.virtualHosts."imap.uninsane.org" = { services.nginx.virtualHosts."imap.uninsane.org" = {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
}; };
# exists only to manage certs for Postfix
services.nginx.virtualHosts."mx.uninsane.org" = {
forceSSL = true;
enableACME = true;
};
security.acme.acceptTerms = true; security.acme.acceptTerms = true;
security.acme.email = "acme@uninsane.org"; security.acme.email = "acme@uninsane.org";
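Review bot: The new `mx.uninsane.org` vhost sets only `forceSSL` and `enableACME`, with no `root` or `locations`, so besides the ACME challenge it will presumably answer every other HTTPS request on the mail hostname with nginx's default content. Since the comment says the vhost exists only to obtain a certificate, adding `locations."/".return = "404";` would keep what is exposed down to the challenge path. The comment could also record what the later SMTPS change needs, e.g. `# exists only to manage certs for Postfix; Postfix must be able to read the key and be reloaded after renewal`. The existing imap.uninsane.org vhost shown as context has the same shape.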


@@ -39,8 +39,9 @@
pkgs.nettools pkgs.nettools
pkgs.nmap pkgs.nmap
pkgs.ripgrep pkgs.ripgrep
pkgs.telnet pkgs.socat
pkgs.sudo pkgs.sudo
pkgs.telnet
pkgs.wireguard pkgs.wireguard
pkgs.zola pkgs.zola
(pkgs.vim_configurable.customize { (pkgs.vim_configurable.customize {