| author | seth <[email protected]> | 2023-08-04 13:31:42 -0400 |
|---|---|---|
| committer | seth <[email protected]> | 2023-08-04 13:32:48 -0400 |
| commit | b4600bce3f9314e8d7c459be0f170b91031e4dcc (patch) | |
| tree | e520de0664ab3012e34ca07d862565ea07cae4af /hosts | |
| parent | c71dd50f7c1b99a2a1a6d8ab91597bd2e7113840 (diff) | |
hosts/atlas+p-body: use cloudflared
Diffstat (limited to 'hosts')
| -rw-r--r-- | hosts/atlas/nginx.nix | 35 | ||||
| -rw-r--r-- | hosts/p-body/nginx.nix | 26 |
2 files changed, 33 insertions, 28 deletions
diff --git a/hosts/atlas/nginx.nix b/hosts/atlas/nginx.nix
index 2356e1d..05cf3db 100644
--- a/hosts/atlas/nginx.nix
+++ b/hosts/atlas/nginx.nix
@@ -1,14 +1,13 @@
-{config, ...}: {
- getchoo.server.acme.enable = true;
- networking.firewall.allowedTCPPorts = [443];
-
- security.acme = {
- acceptTerms = true;
- defaults = {
- email = "[email protected]";
- dnsProvider = "cloudflare";
- credentialsFile = config.age.secrets.cloudflareApiKey.path;
- };
+{
+ config,
+ lib,
+ ...
+}: let
+ inherit (config.networking) domain;
+in {
+ getchoo.server = {
+ acme.enable = true;
+ services.cloudflared.enable = true;
 };
 services.nginx = {
@@ -20,8 +19,6 @@
 recommendedTlsSettings = true;
 virtualHosts = let
- inherit (config.networking) domain;
-
 mkProxy = endpoint: port: {
 "${endpoint}" = {
 proxyPass = "http://localhost:${port}";
@@ -29,14 +26,16 @@
 };
 };
- mkVHosts = builtins.mapAttrs (_: v:
- v
- // {
+ mkVHosts = let
+ commonSettings = {
 enableACME = true;
 # workaround for https://github.com/NixOS/nixpkgs/issues/210807
 acmeRoot = null;
- forceSSL = true;
- });
+
+ addSSL = true;
+ };
+ in
+ builtins.mapAttrs (_: lib.recursiveUpdate commonSettings);
 in
 mkVHosts {
 "miniflux.${domain}" = {
diff --git a/hosts/p-body/nginx.nix b/hosts/p-body/nginx.nix
index 1d491d2..3278870 100644
--- a/hosts/p-body/nginx.nix
+++ b/hosts/p-body/nginx.nix
@@ -1,8 +1,14 @@
-{config, ...}: let
+{
+ config,
+ lib,
+ ...
+}: let
 inherit (config.networking) domain;
 in {
- getchoo.server.acme.enable = true;
- networking.firewall.allowedTCPPorts = [443];
+ getchoo.server = {
+ acme.enable = true;
+ services.cloudflared.enable = true;
+ };
 services.nginx = {
 enable = true;
@@ -12,8 +18,6 @@ in {
 recommendedProxySettings = true;
 recommendedTlsSettings = true;
- statusPage = true;
-
 virtualHosts = let
 mkProxy = endpoint: port: {
 "${endpoint}" = {
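Review bot: With the `security.acme` block removed in the first hunk of hosts/atlas/nginx.nix, nothing visible in this diff sets `acceptTerms`, `dnsProvider` or `credentialsFile` for atlas, yet its vhosts still use `enableACME = true` with `acmeRoot = null`. Presumably `getchoo.server.acme.enable` supplies those defaults (hosts/p-body never carried the block), but that module is not part of this diff, so confirm that certificate renewal still works on atlas and that the `cloudflareApiKey` age secret is still declared for it. A one-line comment beside `acme.enable = true;`, such as `# ACME defaults (Cloudflare DNS challenge, credentials) come from getchoo.server.acme`, would make the dependency visible.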
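Review bot: `addSSL = true` in `commonSettings` (third hunk of hosts/atlas/nginx.nix, and the matching hunk of hosts/p-body/nginx.nix) makes every vhost answer on plain HTTP as well as HTTPS, whereas `forceSSL = true` redirected HTTP to HTTPS. If the purpose is to let cloudflared reach nginx over HTTP on localhost, that is only acceptable while port 80 stays unreachable from outside the host, and nothing in this diff states or enforces that. Either keep `forceSSL = true` and point the tunnel at the HTTPS listener, or record the decision next to the option, e.g. `# addSSL, not forceSSL: the cloudflared tunnel connects over plain HTTP on localhost; keep port 80 closed in the firewall`. The cloudflared module is outside this diff, so the reason for the switch is inferred.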
@@ -22,14 +26,16 @@ in {
 };
 };
- mkVHosts = builtins.mapAttrs (_: v:
- v
- // {
+ mkVHosts = let
+ commonSettings = {
 enableACME = true;
 # workaround for https://github.com/NixOS/nixpkgs/issues/210807
 acmeRoot = null;
- forceSSL = true;
- });
+
+ addSSL = true;
+ };
+ in
+ builtins.mapAttrs (_: lib.recursiveUpdate commonSettings);
 in
 mkVHosts {
 "api.${domain}" = { |
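Review bot: `builtins.mapAttrs (_: lib.recursiveUpdate commonSettings)` reverses the merge precedence of the code it replaces, here and in the same hunk of hosts/atlas/nginx.nix. The old `v // { ... }` let the shared TLS/ACME settings override each vhost, while `lib.recursiveUpdate commonSettings v` lets a vhost's own attributes win. A vhost that sets `enableACME = false` or its own SSL option will now silently opt out of the common baseline. If per-vhost overrides are intended, say so in a comment such as `# per-vhost attributes take precedence over commonSettings`; if the baseline should be mandatory, write `builtins.mapAttrs (_: v: lib.recursiveUpdate v commonSettings)`. The vhost definitions continue past the end of the hunk, so whether any of them currently overrides these keys cannot be seen from here.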
