[NixOS] Make vaultwarden/certificates work on biskcomp

2023-09-23 13:52:39 -06:00 · 2023-09-23 13:52:39 -06:00 · e9c7a3c3ce
commit e9c7a3c3ce
parent 9f0d8d3982
1 changed files with 13 additions and 19 deletions
--- a/nixos/machines/biskcomp.nix
+++ b/nixos/machines/biskcomp.nix
@ -19,7 +19,7 @@ in
  modules.fonts.enable = true;
  modules.nixified-ai.enable = false;
  modules.cache-server = {
-    enable = true;
+    enable = false;
    host-string = biskcomp-nginx-hostnames;
    port = 80;
    path = "/nix-cache";
@ -33,32 +33,26 @@ in
    };
  };

+  security.acme = {
+    acceptTerms = true;
+    email = "IvanMalison@gmail.com";
+  };
+
  services.nginx = {
    enable = true;
    recommendedProxySettings = true;
    recommendedGzipSettings = true;
    recommendedTlsSettings = true;
    virtualHosts = {
-      "192.168.1.44 railbird.ai 1896Folsom.duckdns.org 0.0.0.0 67.162.131.71" = {
-        root = ../railbird.ai;
+      "1896Folsom.duckdns.org" = {
+        enableACME = true;
+        forceSSL = true;
        locations."/" = {
-          index = "index.html";
-        };
-      };
-      # Server block for Vaultwarden on a different port
-      "_:8222" = {
-        listen = [ { addr = "::"; port = 8222; } ];  # Listen on IPv6 and port 8222
-        forceSSL = false;  # Assuming you're not using HTTPS for this one
-        locations."/" = {
-          proxyPass = "http://::1:8222";
-          proxySetHeaders = {
-            Host = "$host";
-            X-Real-IP = "$remote_addr";
-            X-Forwarded-For = "$proxy_add_x_forwarded_for";
-            X-Forwarded-Proto = "$scheme";
-          };
-          proxyRedirect = "off";
+          proxyPass = "http://[::1]:8222";
        };
+        # listen = [
+        #   { addr = "0.0.0.0"; port = 8443; }
+        # ];
      };
    };
  };