From 2116ac6b27096d87e7cc1bb609e987e0d28fe455 Mon Sep 17 00:00:00 2001 From: Taeer Bar-Yam Date: Mon, 23 Sep 2024 12:39:15 -0400 Subject: [PATCH] acme fixup --- fediversity/garage.nix | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/fediversity/garage.nix b/fediversity/garage.nix index ea400df..e38acc8 100644 --- a/fediversity/garage.nix +++ b/fediversity/garage.nix @@ -172,10 +172,12 @@ in s3_api.root_domain = ".${fedicfg.api.domain}"; }; }; + services.nginx.virtualHosts."garagePortProxy" = { forceSSL = true; - enableACME = true; - serverName = "*.${fedicfg.web.rootDomain}"; + useACME = true; + serverName = fedicfg.web.rootDomain; + serverAliases = lib.mapAttrsToList (bucket: _: "${bucket}.${fedicfg.web.rootDomain}") cfg.ensureBuckets; ## TODO: use wildcard certificates? locations."/" = { proxyPass = "http://localhost:3902"; extraConfig = '' @@ -183,6 +185,7 @@ in ''; }; }; + systemd.services.ensure-garage = { after = [ "garage.service" ]; wantedBy = [ "garage.service" ];