fix: acme generation

2025-04-29 00:38:32 +02:00 · 2025-04-29 00:38:32 +02:00 · ed1a4ed7f5
commit ed1a4ed7f5
parent 021e7bf1a0
1 changed files with 10 additions and 0 deletions
--- a/modules/cloonar-assistant/home-assistant/default.nix
+++ b/modules/cloonar-assistant/home-assistant/default.nix
@ -92,13 +92,23 @@ in
  };
  users.groups.hass.gid = gid;

+  users.users.nginx.extraGroups = [ "ssl-users" ];
+
  services.nginx.enable = true;
  services.nginx.virtualHosts."${domain}" = {
    root = "/var/www";
+    sslCertificate = "/var/lib/acme/${domain}/fullchain.pem";
+    sslCertificateKey = "/var/lib/acme/${domain}/key.pem";
+    sslTrustedCertificate = "/var/lib/acme/${domain}/chain.pem";
+    
    forceSSL = true;
    extraConfig = ''
      proxy_buffering off;
    '';
+    location.""^~ /.well-known/acme-challenge/".extraConfig = ''
+      auth_basic off;
+      auth_request off;
+    '';
    locations."/".extraConfig = ''
      proxy_pass http://10.233.0.2:8123;
      proxy_set_header Host $host;