forgejo: get certs for domain
parent
90ba20d2cc
commit
00133e544f
1 changed files with 9 additions and 2 deletions
|
|
@ -25,13 +25,20 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
security.acme.certs."${config.services.forgejo.settings.server.DOMAIN}" = {
|
||||||
|
domain = "${config.homelab.authDomain}";
|
||||||
|
dnsProvider = "cloudflare";
|
||||||
|
dnsResolver = "1.1.1.1:53";
|
||||||
|
dnsPropagationCheck = true;
|
||||||
|
};
|
||||||
|
|
||||||
# forgejo has user keys under its own .ssh/authorizedKeys file.
|
# forgejo has user keys under its own .ssh/authorizedKeys file.
|
||||||
# nix blocks me from using users.users.<name>.openssh.authorizedKeys.keyFiles
|
# nix blocks me from using users.users.<name>.openssh.authorizedKeys.keyFiles
|
||||||
# in order to only allow that to the forgejo user as it has "/var"
|
# in order to only allow that to the forgejo user as it has "/var"
|
||||||
services.openssh.authorizedKeysInHomedir = lib.mkForce true;
|
services.openssh.authorizedKeysInHomedir = lib.mkForce true;
|
||||||
|
|
||||||
services.caddy.virtualHosts."git.${config.homelab.publicDomain}" = {
|
services.caddy.virtualHosts."${config.services.forgejo.settings.server.DOMAIN}" = {
|
||||||
useACMEHost = config.homelab.domain;
|
useACMEHost = config.services.forgejo.settings.server.DOMAIN;
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
reverse_proxy http://localhost:${toString config.services.forgejo.settings.server.HTTP_PORT}
|
reverse_proxy http://localhost:${toString config.services.forgejo.settings.server.HTTP_PORT}
|
||||||
'';
|
'';
|
||||||
|
|
|
||||||
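Review bot: The new `security.acme.certs` entry is keyed by the Forgejo `DOMAIN` but sets `domain = "${config.homelab.authDomain}";`, so the certificate appears to be requested for the auth domain while Caddy's `useACMEHost` serves it on the Forgejo virtual host. Unless both options hold the same name, or `authDomain` is a wildcard covering it, clients would see a hostname mismatch. Dropping the `domain` line (it defaults to the attribute name) or writing `domain = config.services.forgejo.settings.server.DOMAIN;` keeps the certificate and the virtual host tied together. No Cloudflare credential reference (`environmentFile` or `credentialsFile`) is visible in this hunk; presumably it comes from `security.acme.defaults`, and a comment saying so would help, as would confirming the token is scoped to DNS edits on this one zone. The virtual host block closes outside the hunk.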