From 7df420c27ebe7daaa4fd099c457ce9a9075b840e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Isma=C3=ABl=20Bouya?= Date: Thu, 16 May 2019 23:23:05 +0200 Subject: Add certificate creation and handling to websites --- nixops/modules/websites/ftp/denisejerome.nix | 13 +++++-------- nixops/modules/websites/ftp/florian.nix | 17 ++++++----------- nixops/modules/websites/ftp/immae.nix | 6 ++---- nixops/modules/websites/ftp/jerome.nix | 12 +++++------- nixops/modules/websites/ftp/leila.nix | 19 ++++++------------- nixops/modules/websites/ftp/nassime.nix | 12 +++++------- nixops/modules/websites/ftp/papa.nix | 12 +++++------- nixops/modules/websites/ftp/release.nix | 3 +-- nixops/modules/websites/ftp/temp.nix | 3 +-- 9 files changed, 36 insertions(+), 61 deletions(-) (limited to 'nixops/modules/websites/ftp') diff --git a/nixops/modules/websites/ftp/denisejerome.nix b/nixops/modules/websites/ftp/denisejerome.nix index fa31430..884fb62 100644 --- a/nixops/modules/websites/ftp/denisejerome.nix +++ b/nixops/modules/websites/ftp/denisejerome.nix @@ -13,15 +13,12 @@ in { config = lib.mkIf cfg.production.enable { services.webstats.sites = [ { name = "denisejerome.piedsjaloux.fr"; } ]; - security.acme.certs."denisejerome" = config.services.myCertificates.certConfig // { - domain = "denisejerome.piedsjaloux.fr"; - }; - services.websites.production.vhostConfs.denisejerome = { - certName = "denisejerome"; - hosts = ["denisejerome.piedsjaloux.fr" ]; - root = varDir; - extraConfig = [ + certName = "denisejerome"; + certMainHost = "denisejerome.piedsjaloux.fr"; + hosts = ["denisejerome.piedsjaloux.fr" ]; + root = varDir; + extraConfig = [ '' Use Stats denisejerome.piedsjaloux.fr diff --git a/nixops/modules/websites/ftp/florian.nix b/nixops/modules/websites/ftp/florian.nix index 8097507..ebd461e 100644 --- a/nixops/modules/websites/ftp/florian.nix +++ b/nixops/modules/websites/ftp/florian.nix 
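Review bot: In the `vhostConfs.denisejerome` block of denisejerome.nix, `certMainHost = "denisejerome.piedsjaloux.fr";` repeats as a second literal the name already listed in `hosts`, and nothing visible in this patch checks that the two agree. A typo in either one would make the name requested from ACME differ from the name the vhost serves, which surfaces as a failed issuance or a hostname-mismatch warning rather than as an evaluation error. Consider binding the name once in the file's `let` (above this hunk) and writing `certMainHost = host; hosts = [ host ];`, or having the websites module assert that `certMainHost` is an element of `hosts`. The same pattern is added in florian.nix, jerome.nix, leila.nix, nassime.nix and papa.nix. The module that defines `certMainHost` is outside this diff, so it may already enforce this.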
@@ -17,19 +17,14 @@ in { config = lib.mkMerge [ (lib.mkIf cfg.production.enable { security.acme.certs."ftp".extraDomains."tellesflorian.com" = null; - security.acme.certs."florian" = config.services.myCertificates.certConfig // { - domain = "tellesflorian.com"; - extraDomains = { - "www.tellesflorian.com" = null; - }; - }; services.websites.production.modules = adminer.apache.modules; services.websites.production.vhostConfs.florian = { - certName = "florian"; - hosts = [ "tellesflorian.com" "www.tellesflorian.com" ]; - root = "${varDir}/tellesflorian.com"; - extraConfig = [ + certName = "florian"; + certMainHost = "tellesflorian.com"; + hosts = [ "tellesflorian.com" "www.tellesflorian.com" ]; + root = "${varDir}/tellesflorian.com"; + extraConfig = [ adminer.apache.vhostConf '' ServerAdmin ${env.server_admin} @@ -47,11 +42,11 @@ in { (lib.mkIf cfg.integration.enable { security.acme.certs."ftp".extraDomains."florian.immae.eu" = null; - security.acme.certs."eldiron".extraDomains."florian.immae.eu" = null; services.websites.integration.modules = adminer.apache.modules; services.websites.integration.vhostConfs.florian = { certName = "eldiron"; + addToCerts = true; hosts = [ "florian.immae.eu" ]; root = "${varDir}/florian.immae.eu"; extraConfig = [ diff --git a/nixops/modules/websites/ftp/immae.nix b/nixops/modules/websites/ftp/immae.nix index e188d95..2ba30a1 100644 --- a/nixops/modules/websites/ftp/immae.nix +++ b/nixops/modules/websites/ftp/immae.nix @@ -13,8 +13,6 @@ in { config = lib.mkIf cfg.production.enable { services.webstats.sites = [ { name = "www.immae.eu"; } ]; - security.acme.certs."eldiron".extraDomains."www.immae.eu" = null; - services.myPhpfpm.poolConfigs.immae = '' listen = /run/phpfpm/immae.sock user = wwwrun @@ -31,6 +29,7 @@ in { services.websites.production.modules = [ "proxy_fcgi" ]; services.websites.production.vhostConfs.immae = { certName = "eldiron"; + addToCerts = true; hosts = [ "www.immae.eu" ]; root = varDir; extraConfig = [ 
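Review bot: In the first florian.nix hunk, the removed `security.acme.certs."florian"` block named `www.tellesflorian.com` explicitly as an extra domain, while the new vhost only sets `certMainHost = "tellesflorian.com";`, so certificate coverage for the `www` name now depends on the websites module turning the remaining `hosts` entries into extra domains. That module is not part of this diff (the patch is limited to the ftp directory), so this cannot be confirmed here; if it does not, clients of `www.tellesflorian.com` would see a certificate name mismatch. A short comment next to `certMainHost`, such as `# remaining entries of hosts become extraDomains of cert "florian"`, would document the contract. The vhost attribute set continues past the end of the hunk.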
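Review bot: In the integration hunk of florian.nix, `addToCerts = true;` under `certName = "eldiron";` keeps `florian.immae.eu`, an integration vhost, on the same certificate and private key as the production vhosts in immae.nix, release.nix and temp.nix. If integration and production run as separate web server instances (the `services.websites.integration` / `.production` split suggests so, but the module is not shown), a compromise of the integration side exposes the key that authenticates the production names. Every name on the shared certificate is also visible to anyone who connects to any one of them. Consider giving integration vhosts their own certificate, for example `certName = "integration";` together with a `certMainHost`, so that each key is scoped to one environment.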
@@ -56,10 +55,9 @@ in { ]; }; - security.acme.certs."eldiron".extraDomains."bouya.org" = null; - security.acme.certs."eldiron".extraDomains."www.bouya.org" = null; services.websites.production.vhostConfs.bouya = { certName = "eldiron"; + addToCerts = true; hosts = [ "bouya.org" "www.bouya.org" ]; root = null; extraConfig = [ '' diff --git a/nixops/modules/websites/ftp/jerome.nix b/nixops/modules/websites/ftp/jerome.nix index a340644..d00c42d 100644 --- a/nixops/modules/websites/ftp/jerome.nix +++ b/nixops/modules/websites/ftp/jerome.nix @@ -15,9 +15,6 @@ in { services.webstats.sites = [ { name = "naturaloutil.immae.eu"; } ]; security.acme.certs."ftp".extraDomains."naturaloutil.immae.eu" = null; - security.acme.certs."naturaloutil" = config.services.myCertificates.certConfig // { - domain = "naturaloutil.immae.eu"; - }; secrets.keys = [{ dest = "webapps/prod-naturaloutil"; @@ -60,10 +57,11 @@ in { ''; services.websites.production.modules = adminer.apache.modules ++ [ "proxy_fcgi" ]; services.websites.production.vhostConfs.naturaloutil = { - certName = "naturaloutil"; - hosts = ["naturaloutil.immae.eu" ]; - root = varDir; - extraConfig = [ + certName = "naturaloutil"; + certMainHost = "naturaloutil.immae.eu"; + hosts = ["naturaloutil.immae.eu" ]; + root = varDir; + extraConfig = [ adminer.apache.vhostConf '' Use Stats naturaloutil.immae.eu diff --git a/nixops/modules/websites/ftp/leila.nix b/nixops/modules/websites/ftp/leila.nix index 5185372..14bfa20 100644 --- a/nixops/modules/websites/ftp/leila.nix +++ b/nixops/modules/websites/ftp/leila.nix @@ -10,15 +10,6 @@ in { }; config = (lib.mkIf cfg.production.enable { - security.acme.certs."leila" = config.services.myCertificates.certConfig // { - domain = "leila.bouya.org"; - extraDomains = { - "chorale.leila.bouya.org" = null; - "chorale-vocanta.fr.nf" = null; - "www.chorale-vocanta.fr.nf" = null; - }; - }; - services.myPhpfpm.poolConfigs.leila = '' listen = /run/phpfpm/leila.sock user = wwwrun 
@@ -41,6 +32,7 @@ in { services.websites.production.modules = [ "proxy_fcgi" ]; services.websites.production.vhostConfs.leila_chorale = { certName = "leila"; + addToCerts = true; hosts = [ "chorale.leila.bouya.org" "chorale-vocanta.fr.nf" "www.chorale-vocanta.fr.nf" ]; root = "${varDir}/Chorale"; extraConfig = [ @@ -62,10 +54,11 @@ in { ]; }; services.websites.production.vhostConfs.leila = { - certName = "leila"; - hosts = [ "leila.bouya.org" ]; - root = varDir; - extraConfig = [ + certName = "leila"; + certMainHost = "leila.bouya.org"; + hosts = [ "leila.bouya.org" ]; + root = varDir; + extraConfig = [ '' Use Stats leila.bouya.org diff --git a/nixops/modules/websites/ftp/nassime.nix b/nixops/modules/websites/ftp/nassime.nix index 9ed8a80..3c982d3 100644 --- a/nixops/modules/websites/ftp/nassime.nix +++ b/nixops/modules/websites/ftp/nassime.nix @@ -14,15 +14,13 @@ in { services.webstats.sites = [ { name = "nassime.bouya.org"; } ]; security.acme.certs."ftp".extraDomains."nassime.bouya.org" = null; - security.acme.certs."nassime" = config.services.myCertificates.certConfig // { - domain = "nassime.bouya.org"; - }; services.websites.production.vhostConfs.nassime = { - certName = "nassime"; - hosts = ["nassime.bouya.org" ]; - root = varDir; - extraConfig = [ + certName = "nassime"; + certMainHost = "nassime.bouya.org"; + hosts = ["nassime.bouya.org" ]; + root = varDir; + extraConfig = [ '' Use Stats nassime.bouya.org ServerAdmin ${env.server_admin} diff --git a/nixops/modules/websites/ftp/papa.nix b/nixops/modules/websites/ftp/papa.nix index cdbc1b0..c8d05ef 100644 --- a/nixops/modules/websites/ftp/papa.nix +++ b/nixops/modules/websites/ftp/papa.nix @@ -11,9 +11,6 @@ in { config = lib.mkIf cfg.production.enable { security.acme.certs."ftp".extraDomains."surveillance.maison.bbc.bouya.org" = null; - security.acme.certs."papa" = config.services.myCertificates.certConfig // { - domain = "surveillance.maison.bbc.bouya.org"; - }; services.cron = { systemCronJobs = let 
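Review bot: In the `leila_chorale` vhost of leila.nix, `addToCerts = true;` attaches three names to cert `leila`, but that certificate is only created by the `certMainHost` line in the separate `leila` vhost in the next hunk. Disabling or renaming the `leila` vhost would leave `leila_chorale` adding extra domains to a certificate with no main domain; whether that fails at evaluation or only at issuance depends on the module, which is outside this diff. A comment next to `addToCerts`, such as `# cert "leila" is created by vhostConfs.leila (certMainHost)`, would make the dependency visible to whoever edits either vhost.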
@@ -35,10 +32,11 @@ in { }; services.websites.production.vhostConfs.papa = { - certName = "papa"; - hosts = [ "surveillance.maison.bbc.bouya.org" ]; - root = varDir; - extraConfig = [ + certName = "papa"; + certMainHost = "surveillance.maison.bbc.bouya.org"; + hosts = [ "surveillance.maison.bbc.bouya.org" ]; + root = varDir; + extraConfig = [ '' Use Apaxy "${varDir}" "title .duplicity-ignore" diff --git a/nixops/modules/websites/ftp/release.nix b/nixops/modules/websites/ftp/release.nix index 2ddd8bc..db3487f 100644 --- a/nixops/modules/websites/ftp/release.nix +++ b/nixops/modules/websites/ftp/release.nix @@ -13,10 +13,9 @@ in { config = lib.mkIf cfg.production.enable { services.webstats.sites = [ { name = "release.immae.eu"; } ]; - security.acme.certs."eldiron".extraDomains."release.immae.eu" = null; - services.websites.production.vhostConfs.release = { certName = "eldiron"; + addToCerts = true; hosts = [ "release.immae.eu" ]; root = varDir; extraConfig = [ diff --git a/nixops/modules/websites/ftp/temp.nix b/nixops/modules/websites/ftp/temp.nix index bdd80c0..86dfde3 100644 --- a/nixops/modules/websites/ftp/temp.nix +++ b/nixops/modules/websites/ftp/temp.nix @@ -11,11 +11,10 @@ in { }; config = lib.mkIf cfg.production.enable { - security.acme.certs."eldiron".extraDomains."temp.immae.eu" = null; - services.websites.production.modules = [ "headers" ]; services.websites.production.vhostConfs.temp = { certName = "eldiron"; + addToCerts = true; hosts = [ "temp.immae.eu" ]; root = varDir; extraConfig = [ -- cgit v1.2.3