diff --git a/modules/core/nginx.nix b/modules/core/nginx.nix index 625fc8b..9c5dca6 100644 --- a/modules/core/nginx.nix +++ b/modules/core/nginx.nix @@ -5,6 +5,8 @@ services.nginx.virtualHosts = mkOption { type = types.attrsOf (types.submodule ({ name, ... }: { + enableACME = true; + forceSSL = true; # split up nginx access logs per vhost extraConfig = '' access_log /var/log/nginx/${name}_access.log; diff --git a/modules/courses/default.nix b/modules/courses/default.nix index 86f4c5a..686b734 100644 --- a/modules/courses/default.nix +++ b/modules/courses/default.nix @@ -45,9 +45,6 @@ in }; services.nginx.virtualHosts.${hostName} = { - enableACME = true; - forceSSL = true; - # phil redirects locations = let diff --git a/modules/decisions.nix b/modules/decisions.nix index b0ee9bd..8427375 100644 --- a/modules/decisions.nix +++ b/modules/decisions.nix @@ -19,8 +19,6 @@ in services.nginx = { virtualHosts."${domain}" = { - enableACME = true; - forceSSL = true; locations."/" = { proxyPass = "http://127.0.0.1:5055"; }; diff --git a/modules/gitea.nix b/modules/gitea.nix index 07d1d48..c66bd3a 100644 --- a/modules/gitea.nix +++ b/modules/gitea.nix @@ -109,8 +109,6 @@ in ''; services.nginx.virtualHosts.${domain} = { - enableACME = true; - forceSSL = true; locations."/" = { proxyPass = "http://unix:${config.services.forgejo.settings.server.HTTP_ADDR}:/"; proxyWebsockets = true; diff --git a/modules/hedgedoc.nix b/modules/hedgedoc.nix index 5a9a217..5352ba1 100644 --- a/modules/hedgedoc.nix +++ b/modules/hedgedoc.nix @@ -68,8 +68,6 @@ in recommendedProxySettings = true; virtualHosts = { "${domain}" = { - enableACME = true; - forceSSL = true; locations."/" = { proxyPass = "http://[::1]:${toString config.services.hedgedoc.settings.port}"; proxyWebsockets = true; diff --git a/modules/hydra.nix b/modules/hydra.nix index ec2ed45..77c347e 100644 --- a/modules/hydra.nix +++ b/modules/hydra.nix 
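Review bot: The added `enableACME = true;` and `forceSSL = true;` in modules/core/nginx.nix are plain definitions inside the vhost submodule, so they apply at normal priority to every declared virtual host; a host that needs `addSSL`, `useACMEHost` or no certificate would, as far as I know the nixpkgs nginx module, hit a conflicting-definition error or a failed assertion unless it uses `mkForce`. I would write them as `enableACME = lib.mkDefault true;` and `forceSSL = lib.mkDefault true;` (bare `mkDefault` if `lib` is opened with `with` here, which the hunk does not show), with a comment such as `# TLS by default for every vhost; set an explicit value per host to override`. The hosts that previously set `addSSL` (kanboard, fsrewsp, infoscreen, manual, nightline, sharepic, wiki/ese and wiki/vernetzung) now redirect plain HTTP to HTTPS, which is the safer default but a behaviour change the commit message should state. The default also reaches only hosts that are declared somewhere: modules/mail/default.nix drops its whole `virtualHosts."${hostname}"` block while keeping `security.acme.certs."${hostname}"`, so unless another module declares that host the postfix/dovecot certificate may lose its nginx-served challenge path, and keeping `services.nginx.virtualHosts."${hostname}" = { };` there would preserve it. The submodule body continues outside the hunk.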
@@ -60,8 +60,6 @@ in }; services.nginx.virtualHosts."${domain}" = { - enableACME = true; - forceSSL = true; locations."/" = { proxyPass = "http://127.0.0.1:${toString config.services.hydra.port}"; }; diff --git a/modules/kanboard.nix b/modules/kanboard.nix index 4938166..5eb155c 100644 --- a/modules/kanboard.nix +++ b/modules/kanboard.nix @@ -35,14 +35,10 @@ in services.nginx.enable = true; services.nginx = { virtualHosts."${domain_short}" = { - enableACME = true; - forceSSL = true; locations."/".return = "301 $scheme://${domain}$request_uri"; }; virtualHosts."${domain}" = { - addSSL = true; - enableACME = true; root = "/srv/web/kanboard"; extraConfig = '' index index.html index.php; diff --git a/modules/ldap/default.nix b/modules/ldap/default.nix index 1bcdc55..bc400ad 100644 --- a/modules/ldap/default.nix +++ b/modules/ldap/default.nix @@ -113,8 +113,6 @@ in services.nginx = { enable = true; virtualHosts."${config.services.portunus.domain}" = { - forceSSL = true; - enableACME = true; locations = { "/".proxyPass = "http://localhost:${toString config.services.portunus.port}"; "/dex".proxyPass = "http://localhost:${toString config.services.portunus.dex.port}"; diff --git a/modules/mail/default.nix b/modules/mail/default.nix index bc80e1d..e6af452 100644 --- a/modules/mail/default.nix +++ b/modules/mail/default.nix @@ -11,11 +11,6 @@ in ./mailman.nix ]; - # Get SSL certs for dovecot and postfix via ngnix - services.nginx.virtualHosts."${hostname}" = { - forceSSL = true; - enableACME = true; - }; security.acme.certs."${hostname}" = { reloadServices = [ "postfix.service" diff --git a/modules/mail/mailman.nix b/modules/mail/mailman.nix index c8dba9b..47e48ca 100644 --- a/modules/mail/mailman.nix +++ b/modules/mail/mailman.nix 
@@ -64,8 +64,6 @@ ensureDatabases = [ "mailman" "mailman-web" ]; }; services.nginx.virtualHosts."lists.${config.networking.domain}" = { - enableACME = true; - forceSSL = true; locations."/robots.txt" = { extraConfig = '' add_header Content-Type text/plain; diff --git a/modules/mail/rspamd.nix b/modules/mail/rspamd.nix index 2a7c441..62d59bd 100644 --- a/modules/mail/rspamd.nix +++ b/modules/mail/rspamd.nix @@ -117,8 +117,6 @@ in }; nginx = { virtualHosts."${domain}" = { - forceSSL = true; - enableACME = true; locations = { "/" = { proxyPass = "http://127.0.0.1:11334"; diff --git a/modules/mail/sogo.nix b/modules/mail/sogo.nix index cc45369..4999dfd 100644 --- a/modules/mail/sogo.nix +++ b/modules/mail/sogo.nix @@ -65,11 +65,7 @@ in proxy_buffers 8 64k; proxy_buffer_size 64k; ''; - forceSSL = true; - enableACME = true; locations = { - - "^~/SOGo".extraConfig = lib.mkForce '' proxy_pass http://127.0.0.1:20000; proxy_redirect http://127.0.0.1:20000 default; diff --git a/modules/matrix/default.nix b/modules/matrix/default.nix index 95fd87d..f21db85 100644 --- a/modules/matrix/default.nix +++ b/modules/matrix/default.nix @@ -41,9 +41,6 @@ in virtualHosts = { # synapse "${domainServer}" = { - enableACME = true; - forceSSL = true; - # homeserver discovery locations."= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig; locations."= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig; @@ -58,9 +55,6 @@ in # element "${domainClient}" = { - enableACME = true; - forceSSL = true; - root = pkgs.element-web.override { conf = { default_server_config = { diff --git a/modules/nextcloud.nix b/modules/nextcloud.nix index 38177f3..6ab4a25 100644 --- a/modules/nextcloud.nix +++ b/modules/nextcloud.nix @@ -45,12 +45,6 @@ in ]; }; - - # Enable ACME and force SSL - nginx.virtualHosts.${domain} = { - enableACME = true; - forceSSL = true; - }; }; # ensure that postgres is running *before* running the setup 
diff --git a/modules/nix-serve.nix b/modules/nix-serve.nix index 3db7d22..3b10282 100644 --- a/modules/nix-serve.nix +++ b/modules/nix-serve.nix @@ -10,8 +10,6 @@ in port = 5002; }; services.nginx.virtualHosts."${domain}" = { - enableACME = true; - forceSSL = true; locations."/" = { proxyPass = "http://127.0.0.1:${toString config.services.nix-serve.port}"; }; diff --git a/modules/padlist.nix b/modules/padlist.nix index 14cbcac..83900eb 100644 --- a/modules/padlist.nix +++ b/modules/padlist.nix @@ -24,8 +24,6 @@ in services.nginx = { virtualHosts.${domain} = { - enableACME = true; - forceSSL = true; root = "/srv/web/padlist"; locations = { "= /" = { diff --git a/modules/stream.nix b/modules/stream.nix index 3227e45..f76141a 100644 --- a/modules/stream.nix +++ b/modules/stream.nix @@ -4,8 +4,6 @@ nginx = { virtualHosts = { "stream.${config.networking.domain}" = { - enableACME = true; - forceSSL = true; locations."/" = let cfg = config.services.owncast; diff --git a/modules/vaultwarden.nix b/modules/vaultwarden.nix index 4add3f6..a88a7ca 100644 --- a/modules/vaultwarden.nix +++ b/modules/vaultwarden.nix @@ -31,8 +31,6 @@ in ensureDatabases = [ "vaultwarden" ]; }; services.nginx.virtualHosts."${domain}" = { - enableACME = true; - forceSSL = true; locations."/" = { proxyPass = "http://127.0.0.1:${toString config.services.vaultwarden.config.rocketPort}"; }; diff --git a/modules/web/ese.nix b/modules/web/ese.nix index 2c8034d..0f696de 100644 --- a/modules/web/ese.nix +++ b/modules/web/ese.nix @@ -42,8 +42,6 @@ in services.nginx = { virtualHosts."${cms-domain}" = { - enableACME = true; - forceSSL = true; locations."/" = { extraConfig = '' if ($request_method = 'OPTIONS') { @@ -64,8 +62,6 @@ in }; }; virtualHosts."${domain}" = { - enableACME = true; - forceSSL = true; locations."= /" = { return = "301 /2023/"; }; diff --git a/modules/web/fsrewsp.nix b/modules/web/fsrewsp.nix index 121f710..a64dcc1 100644 --- a/modules/web/fsrewsp.nix +++ b/modules/web/fsrewsp.nix 
@@ -37,8 +37,6 @@ in services.nginx.enable = true; services.nginx = { virtualHosts."${domain}" = { - addSSL = true; - enableACME = true; root = "/srv/web/fsrewsp"; extraConfig = '' index index.php index.html; diff --git a/modules/web/ftp.nix b/modules/web/ftp.nix index 57c9f15..c816885 100644 --- a/modules/web/ftp.nix +++ b/modules/web/ftp.nix @@ -5,8 +5,6 @@ in { services.nginx.additionalModules = [ pkgs.nginxModules.fancyindex ]; services.nginx.virtualHosts."${domain}" = { - enableACME = true; - forceSSL = true; root = "/srv/ftp"; extraConfig = '' fancyindex on; diff --git a/modules/web/ifsrde.nix b/modules/web/ifsrde.nix index a5f45e5..c4ac69f 100644 --- a/modules/web/ifsrde.nix +++ b/modules/web/ifsrde.nix @@ -32,14 +32,9 @@ in services.nginx = { virtualHosts."www.${config.networking.domain}" = { - enableACME = true; - forceSSL = true; locations."/".return = "301 $scheme://ifsr.de$request_uri"; - }; virtualHosts."${config.networking.domain}" = { - enableACME = true; - forceSSL = true; root = "/srv/web/ifsrde"; extraConfig = '' index index.html index.php; diff --git a/modules/web/infoscreen.nix b/modules/web/infoscreen.nix index 5d05e0c..601d0e2 100644 --- a/modules/web/infoscreen.nix +++ b/modules/web/infoscreen.nix @@ -6,8 +6,6 @@ in services.nginx = { enable = true; virtualHosts."${domain}" = { - addSSL = true; - enableACME = true; root = "/srv/web/infoscreen/dist"; }; }; diff --git a/modules/web/kpp.nix b/modules/web/kpp.nix index 262da76..bf30ec2 100644 --- a/modules/web/kpp.nix +++ b/modules/web/kpp.nix @@ -7,9 +7,4 @@ in enable = true; hostName = domain; }; - services.nginx.virtualHosts."${domain}" = { - enableACME = true; - forceSSL = true; - }; - } diff --git a/modules/web/manual.nix b/modules/web/manual.nix index 94a7f15..afcc154 100644 --- a/modules/web/manual.nix +++ b/modules/web/manual.nix @@ -7,10 +7,4 @@ in enable = true; hostName = domain; }; - services.nginx = { - virtualHosts."${domain}" = { - addSSL = true; - enableACME = true; - }; - }; } 
diff --git a/modules/web/nightline.nix b/modules/web/nightline.nix index 10edf50..3ff9165 100644 --- a/modules/web/nightline.nix +++ b/modules/web/nightline.nix @@ -34,8 +34,6 @@ in services.nginx = { virtualHosts."${domain}" = { - addSSL = true; - enableACME = true; root = "/srv/web/nightline"; extraConfig = '' index index.php index.html; diff --git a/modules/web/sharepic.nix b/modules/web/sharepic.nix index 765def0..0c5a51b 100644 --- a/modules/web/sharepic.nix +++ b/modules/web/sharepic.nix @@ -33,8 +33,6 @@ in enable = true; virtualHosts."${domain}" = { - addSSL = true; - enableACME = true; root = "/srv/web/sharepic"; extraConfig = '' index index.php index.html; diff --git a/modules/web/userdir.nix b/modules/web/userdir.nix index 0cbb055..ad40959 100644 --- a/modules/web/userdir.nix +++ b/modules/web/userdir.nix @@ -61,9 +61,6 @@ in }; services.nginx.virtualHosts.${domain} = { - enableACME = true; - forceSSL = true; - locations."/" = { proxyPass = "http://localhost:${toString port}"; extraConfig = '' diff --git a/modules/wiki/ese.nix b/modules/wiki/ese.nix index 09b02a7..7546517 100644 --- a/modules/wiki/ese.nix +++ b/modules/wiki/ese.nix @@ -30,8 +30,6 @@ in }; services.nginx = { virtualHosts."${domain}" = { - addSSL = true; - enableACME = true; root = "/srv/web/wiki.ese"; extraConfig = '' index index.php; diff --git a/modules/wiki/fsr.nix b/modules/wiki/fsr.nix index b078cf1..065a1c4 100644 --- a/modules/wiki/fsr.nix +++ b/modules/wiki/fsr.nix @@ -102,8 +102,6 @@ in nginx = { recommendedProxySettings = true; virtualHosts.${domain} = { - enableACME = true; - forceSSL = true; locations."/robots.txt" = { extraConfig = '' add_header Content-Type text/plain; diff --git a/modules/wiki/vernetzung.nix b/modules/wiki/vernetzung.nix index 567cda4..bd1a4a9 100644 --- a/modules/wiki/vernetzung.nix +++ b/modules/wiki/vernetzung.nix 
@@ -30,8 +30,6 @@ in }; services.nginx = { virtualHosts."${domain}" = { - addSSL = true; - enableACME = true; root = "/srv/web/vernetzung"; extraConfig = '' index index.php; diff --git a/modules/zammad.nix b/modules/zammad.nix index 7746aeb..fed019b 100644 --- a/modules/zammad.nix +++ b/modules/zammad.nix @@ -20,8 +20,6 @@ in ''; services.nginx.virtualHosts.${domain} = { - enableACME = true; - forceSSL = true; locations."/" = { proxyPass = "http://localhost:${toString config.services.zammad.port}"; };