author | 2025-04-27 18:54:47 +0200 | |
---|---|---|
committer | 2025-04-27 20:27:01 +0200 | |
commit | 689ee5cf677b71ec2959f4c3a349d681a11200a7 (patch) | |
tree | 346916b451ef7f4aea592615cdfd9bc6b8ca1f27 | |
parent | Deploy certbot and nginx to turing (diff) |
Deploy simple nginx config to turing
-rw-r--r-- | guix/turing.scm | 18 |
1 files changed, 17 insertions, 1 deletions
diff --git a/guix/turing.scm b/guix/turing.scm
index af81c1c..27f6c3a 100644
--- a/guix/turing.scm
+++ b/guix/turing.scm
@@ -54,6 +54,15 @@
 #~(let ((pid (call-with-input-file "/var/run/nginx/pid" read)))
 (kill pid SIGHUP))))
 
+(define (letsencrypt-path hostname filename)
+ (string-append "/etc/letsencrypt/live/" hostname "/" filename))
+
+(define (letsencrypt-key hostname)
+ (letsencrypt-path hostname "privkey.pem"))
+
+(define (letsencrypt-cert hostname)
+ (letsencrypt-path hostname "fullchain.pem"))
+
 (define %services
 (append (list (service openssh-service-type
 (openssh-configuration
@@ -71,7 +80,14 @@
 %hidden-service-turing
 (service nginx-service-type
 (nginx-configuration
- (server-blocks '())))
+ (server-blocks
+ (list
+ (nginx-server-configuration
+ (listen '("443 ssl http2"))
+ (server-name '("turing.box.pydis.wtf"))
+ (ssl-certificate (letsencrypt-cert "turing.box.pydis.wtf"))
+ (ssl-certificate-key (letsencrypt-key "turing.box.pydis.wtf"))
+ (root "/var/www/turing.box.pydis.wtf"))))))
 ; The below is added by the certbot role
 ; (listen '("80" "[::]:80"))
 ; (server-name '("turing.box.pydis.wtf")) |
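Review bot: The three `letsencrypt-*` helpers carry no comment saying which layout their paths follow or when the files exist; a header above `letsencrypt-path` such as `;; Paths into certbot's live/ directory for HOSTNAME; the files exist only after the first successful issuance.` would make that dependency visible to whoever edits the nginx block next. `hostname` is spliced into the path with plain `string-append` and no check, which is fine while every caller passes a literal from this file, but the same comment should say so, so that a later caller does not hand it computed input.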
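Review bot: The new `listen` value binds port 443 on IPv4 only, while the certbot-managed port-80 block in the trailing comment listens on both `"80"` and `"[::]:80"`; clients arriving over IPv6 would reach the challenge listener but no HTTPS site, so consider `(listen '("443 ssl http2" "[::]:443 ssl http2"))`. No TLS protocol floor is set in the block, so the accepted versions are whatever the packaged nginx defaults to; if a floor is wanted it can be pinned with `(raw-content '("ssl_protocols TLSv1.2 TLSv1.3;"))`. The certificate and key paths must already exist when nginx starts, so on a host that has not completed its first issuance nginx may fail its config check; it is worth confirming that turing already holds the certificate. The `%services` definition opens in the previous hunk and continues past this one, so the rest of the service list was not reviewed.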