nyanloutre/nixos-config
1
1
Fork 1
Code Issues Pull Requests Releases Wiki Activity

matrix-synapse: utilisation du certificat ACME

Browse Source
This commit is contained in:
nyanloutre 2019-02-12 11:15:01 +01:00
parent c8f2fd50e5
commit b51cde0014
2 changed files with 8 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
services/haproxy-acme.nix
View File

@ -133,8 +133,8 @@ in
) cfg.services; ) cfg.services;
webroot = "/var/www/challenges"; webroot = "/var/www/challenges";
email = "paul@nyanlout.re"; email = "paul@nyanlout.re";
user = "haproxy"; allowKeysForGroup = true;
group = "haproxy"; group = "acme";
postRun = '' postRun = ''
systemctl reload haproxy.service systemctl reload haproxy.service
''; '';
@ -142,6 +142,8 @@ in
}; };
security.acme.directory = "/var/lib/acme"; security.acme.directory = "/var/lib/acme";
users.groups.acme.members = [ "haproxy" ];
networking.firewall.allowedTCPPorts = [ networking.firewall.allowedTCPPorts = [
80 443 80 443
]; ];

4
systems/LoutreOS/services.nix
View File

@ -254,6 +254,8 @@ in
database_args = { database_args = {
database = "matrix-synapse"; database = "matrix-synapse";
}; };
tls_private_key_path = "/var/lib/acme/${domaine}/key.pem";
tls_certificate_path = "/var/lib/acme/${domaine}/fullchain.pem";
extraConfig = '' extraConfig = ''
max_upload_size: "100M" max_upload_size: "100M"
''; '';
@ -411,6 +413,8 @@ in
}; };
}; };
users.groups.acme.members = [ "matrix-synapse" ];
security.sudo.extraRules = [ security.sudo.extraRules = [
{ commands = [ { command = "${pkgs.smartmontools}/bin/smartctl"; options = [ "NOPASSWD" ]; } ]; users = [ "telegraf" ]; } { commands = [ { command = "${pkgs.smartmontools}/bin/smartctl"; options = [ "NOPASSWD" ]; } ]; users = [ "telegraf" ]; }
]; ];