| commit | 4259e931486c9d626d5ac83a2f5ce4ae46022d6c | [log] [tgz] |
|---|---|---|
| author | Skyler Grey <minion@clicks.codes> | Sat Oct 21 21:37:03 2023 +0000 |
| committer | Skyler Grey <minion@clicks.codes> | Sat Oct 21 21:41:54 2023 +0000 |
| tree | 06f46e36a002cddedca09d1aa924fd2ed1eea966 | |
| parent | fe1740cc76af3fa3b69df4d588a3112384700003 [diff] |
Fix nextcloud and privatebin SSL config
Both of these were not properly configured for https+muitiple hosts. This commit
fixes that
- Enable SSL for privatebin
- Enable SSL for nextcloud
- Replace extra erroneous nextcloud.clicks.codes hostname with
cloud.clicks.codes
- Repair missing SSL certificate generation options bug
- This was impacting our ability to issue certifiates for our secondary
hostnames
Change-Id: Ic9e7d4b0b5c83615f18c1e50579d9148ced71ba9
To deploy these files to our server we use deploy-rs. If you've got a flakes-enabled nix installed on your system you can run
nix run github:serokell/deploy-rs
You can also install deploy-rs to your profile, at which point you'll be able to run
deploy
Secrets are stored in SOPS and deployed using scalpel.
If you have a service which needs to store secrets in its config file, please set systemd reloadTriggers and restartTriggers to automatically reload/restart the service whenever the configuration changes.
It's notable that changing the secrets will not trigger a reload/restart of the service. If you want to update the secrets without updating the rest of the configuration you currently need to manually restart the service. It's possible that this could be solved by using systemd paths to watch the files (see https://superuser.com/questions/1171751/restart-systemd-service-automatically-whenever-a-directory-changes-any-file-ins) but this is not a priority