]> Git — Sourcephile - sourcephile-nix.git/blob - machines/losurdo/nginx/sourcephile.fr.nix
security: no longer depend upon upstream's hardening
[sourcephile-nix.git] / machines / losurdo / nginx / sourcephile.fr.nix
1 { pkgs, lib, config, ... }:
2 let domain = "sourcephile.fr"; in
3 {
4 imports = map (m: import m {inherit domain;}) [
5 sourcephile.fr/losurdo.nix
6 sourcephile.fr/cryptpad.nix
7 ];
8 security.acme.certs."${domain}" = {
9 postRun = "systemctl reload nginx";
10 };
11 systemd.services.nginx = {
12 wants = [ "acme-selfsigned-${domain}.service" "acme-${domain}.service"];
13 after = [ "acme-selfsigned-${domain}.service" ];
14 };
15 }