From 2c6f65d8f8bac5a1ef5a5ab70d34f80720370f55 Mon Sep 17 00:00:00 2001 From: Sakooooo <78461130+Sakooooo@users.noreply.github.com> Date: Sun, 5 Jan 2025 16:19:24 +0400 Subject: [PATCH] what --- modules/server/services/forgejo/pages.nix | 58 +++++++++++------------ 1 file changed, 28 insertions(+), 30 deletions(-) diff --git a/modules/server/services/forgejo/pages.nix b/modules/server/services/forgejo/pages.nix index 71dd7937..9828bb9a 100644 --- a/modules/server/services/forgejo/pages.nix +++ b/modules/server/services/forgejo/pages.nix @@ -130,38 +130,36 @@ in { users.groups = mkIf (cfg.group == "codeberg-pages") { codeberg-pages = { }; }; - services.nginx.virtualHosts = { - "pages.sako.lol" = { - listen = [{ - addr = "0.0.0.0"; - port = 443; - # ssl = true; - }]; - locations."/" = { proxyPass = "http://localhost:57763"; }; - }; - "*.pages.sako.lol" = { - listen = [{ - addr = "0.0.0.0"; - port = 443; - # ssl = true; - }]; - locations."/" = { proxyPass = "http://localhost:56773"; }; - }; + # services.nginx.virtualHosts = { + # "pages.sako.lol" = { + # listen = [{ + # addr = "0.0.0.0"; + # port = 443; + # # ssl = true; + # }]; + # locations."/" = { proxyPass = "https://localhost:57763"; }; + # }; + # "*.pages.sako.lol" = { + # listen = [{ + # addr = "0.0.0.0"; + # port = 443; + # # ssl = true; + # }]; + # locations."/" = { proxyPass = "https://localhost:56773"; }; + # }; + # }; + security.acme.certs."*.pages.sako.lol" = { + credentialsFile = "/srv/secrets/porkbun"; + dnsProvider = "porkbun"; + webroot = null; }; services.nginx.streamConfig = '' - server { - # server_name pages.sako.lol; - listen 57763; - - proxy_connect_timeout 1s; - proxy_timeout 3s; - - proxy_pass localhost:4563; - ssl_preread on; - } - server { - # server_name *.pages.sako.lol; - listen 56773; + server { + server_name *.pages.sako.lol; + listen 443 ssl; + + ssl_certificate /var/lib/acme/*.pages.sako.lol/fullchain.pem; + ssl_certificate_key /var/lib/acme/*.pages.sako.lol/key.pem; proxy_connect_timeout 1s; proxy_timeout 3s;