made web_services dir

2026-04-13 18:53:27 -04:00
parent 5ddf1c4cab
commit d6eec926e7
5 changed files with 39 additions and 30 deletions


@@ -15,6 +15,7 @@ in
"${inputs.self}/common/optional/zerotier.nix"
./docker
./services
./web_services
./hardware.nix
./networking.nix
./programs.nix


@@ -1,39 +1,30 @@
let
domains = [
"audiobookshelf"
"cache"
"gitea"
"jellyfin"
"share"
];
makeCert = name: {
name = "${name}.tmmworkshop.com";
value = {
webroot = "/var/lib/acme/.challenges";
group = "acme";
reloadServices = [ "haproxy.service" ];
};
};
acmeServices = map (domain: "acme-${domain}.tmmworkshop.com.service") domains;
in
{
users.users.haproxy.extraGroups = [ "acme" ];
security.acme = {
acceptTerms = true;
defaults.email = "Richie@tmmworkshop.com";
certs."gitea.tmmworkshop.com" = {
webroot = "/var/lib/acme/.challenges";
group = "acme";
reloadServices = [ "haproxy.service" ];
};
certs."audiobookshelf.tmmworkshop.com" = {
webroot = "/var/lib/acme/.challenges";
group = "acme";
reloadServices = [ "haproxy.service" ];
};
certs."cache.tmmworkshop.com" = {
webroot = "/var/lib/acme/.challenges";
group = "acme";
reloadServices = [ "haproxy.service" ];
};
certs."jellyfin.tmmworkshop.com" = {
webroot = "/var/lib/acme/.challenges";
group = "acme";
reloadServices = [ "haproxy.service" ];
};
certs."share.tmmworkshop.com" = {
webroot = "/var/lib/acme/.challenges";
group = "acme";
reloadServices = [ "haproxy.service" ];
};
certs = builtins.listToAttrs (map makeCert domains);
};
# Minimal nginx to serve ACME HTTP-01 challenge files for HAProxy
@@ -60,4 +51,12 @@
];
users.users.nginx.extraGroups = [ "acme" ];
# HAProxy needs certs to exist before it can bind :443.
# NixOS's acme module generates self-signed placeholders on first boot
# via acme-<domain>.service — just make HAProxy wait for them.
systemd.services.haproxy = {
after = acmeServices;
wants = acmeServices;
};
}
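Review bot: `makeCert` assigns every certificate `group = "acme"`, and both `haproxy` (first hunk) and `nginx` (context line in the second hunk) are members of that group. As far as these lines show, the nginx instance that only serves HTTP-01 challenge files can therefore also read the group-readable private keys of all five domains. Scoping key access to the TLS terminator would narrow that, for example `group = "haproxy";` in `makeCert`, assuming HAProxy runs under the module's default group, with the `extraGroups` line for haproxy dropped. Whether nginx still needs `acme` membership to read the webroot depends on the mode of `/var/lib/acme/.challenges`, which is not visible here. The file's header and its nginx section lie outside the two hunks.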


@@ -0,0 +1,9 @@
{ lib, ... }:
{
imports =
let
files = builtins.attrNames (builtins.readDir ./.);
nixFiles = builtins.filter (name: lib.hasSuffix ".nix" name && name != "default.nix") files;
in
map (file: ./. + "/${file}") nixFiles;
}
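Review bot: The import list takes every directory entry whose name ends in `.nix` without checking the entry type that `builtins.readDir` returns. A directory or symlink with such a name is imported too, and any file placed in this directory becomes part of the system configuration without appearing in an explicit, reviewable import list. Filtering on the type keeps the set to regular files: `files = builtins.attrNames (lib.filterAttrs (_: type: type == "regular") (builtins.readDir ./.));`. A leading comment such as `# Every *.nix file in this directory except default.nix is imported automatically.` would make that behaviour visible to whoever adds a file here.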