From f160bc3f4c43a7a8bc0acf7e70e2f27ade548b2d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nicolas=20=E2=80=9CNiols=E2=80=9D=20Jeannerod?= Date: Tue, 24 Sep 2024 14:55:20 +0200 Subject: [PATCH] Remove SSL in Garage VM --- fediversity/garage.nix | 3 +-- vm/garage-vm.nix | 9 ++++++++- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/fediversity/garage.nix b/fediversity/garage.nix index cc6187f1..0dd0d7f1 100644 --- a/fediversity/garage.nix +++ b/fediversity/garage.nix @@ -159,10 +159,9 @@ in }; }; - services.nginx.virtualHosts."garagePortProxy" = { + services.nginx.virtualHosts.${fedicfg.web.rootDomain} = { forceSSL = true; enableACME = true; - serverName = fedicfg.web.rootDomain; serverAliases = lib.mapAttrsToList (bucket: _: fedicfg.web.domainForBucket bucket) cfg.ensureBuckets; ## TODO: use wildcard certificates? locations."/" = { proxyPass = "http://localhost:3902"; diff --git a/vm/garage-vm.nix b/vm/garage-vm.nix index 31e3c414..8deb49fd 100644 --- a/vm/garage-vm.nix +++ b/vm/garage-vm.nix @@ -1,6 +1,8 @@ -{ config, modulesPath, ... }: +{ lib, config, modulesPath, ... }: let + inherit (lib) mkVMOverride; + fedicfg = config.fediversity.internal.garage; in { @@ -9,6 +11,11 @@ in { (modulesPath + "/virtualisation/qemu-vm.nix") ]; + services.nginx.virtualHosts.${fedicfg.web.rootDomain} = { + forceSSL = mkVMOverride false; + enableACME = mkVMOverride false; + }; + virtualisation.diskSize = 2048; virtualisation.forwardPorts = [ {