Fix nextcloud and privatebin SSL config Both of these were not properly configured for https+muitiple hosts. This commit fixes that - Enable SSL for privatebin - Enable SSL for nextcloud - Replace extra erroneous nextcloud.clicks.codes hostname with cloud.clicks.codes - Repair missing SSL certificate generation options bug - This was impacting our ability to issue certifiates for our secondary hostnames Change-Id: Ic9e7d4b0b5c83615f18c1e50579d9148ced71ba9

commit: 4259e931486c9d626d5ac83a2f5ce4ae46022d6c [log] [tgz]
author: Skyler Grey <minion@clicks.codes> Sat Oct 21 21:37:03 2023 +0000
committer: Skyler Grey <minion@clicks.codes> Sat Oct 21 21:41:54 2023 +0000
tree: 06f46e36a002cddedca09d1aa924fd2ed1eea966
parent: fe1740cc76af3fa3b69df4d588a3112384700003 [diff] [blame]
diff --git a/modules/nginx.nix b/modules/nginx.nix
index 9ccf0b2..08ae0cf 100644
--- a/modules/nginx.nix
+++ b/modules/nginx.nix

@@ -184,11 +184,14 @@
       sopsFile = ../secrets/cloudflare-cert.env.bin;
       format = "binary";
     };
+
+    users.users.nginx.extraGroups = [ config.users.users.acme.group ];
   };
 } (if base != null then {
-  config.security.acme.certs = builtins.mapAttrs (_: v: {
-    webroot = null;
-    dnsProvider = "cloudflare";
-  }) base.config.security.acme.certs;
+  config.security.acme.certs = lib.mkForce (builtins.mapAttrs (_: v:
+    (lib.filterAttrs (n: _: n != "directory") v) // {
+      webroot = null;
+      dnsProvider = "cloudflare";
+    }) base.config.security.acme.certs);
 } else
   { })
commit	4259e931486c9d626d5ac83a2f5ce4ae46022d6c	[log] [tgz]
author	Skyler Grey <minion@clicks.codes>	Sat Oct 21 21:37:03 2023 +0000
committer	Skyler Grey <minion@clicks.codes>	Sat Oct 21 21:41:54 2023 +0000
tree	06f46e36a002cddedca09d1aa924fd2ed1eea966
parent	fe1740cc76af3fa3b69df4d588a3112384700003 [diff] [blame]