ssl for all

2026-01-11 17:54:08 -05:00 · 2025-02-02 17:25:38 -05:00 · 2025-02-02 17:25:38 -05:00 · f871f979a1
commit f871f979a1
parent 49c0239b48
4 changed files with 11 additions and 0 deletions
--- a/modules/users/overseer/acme.nix
+++ b/modules/users/overseer/acme.nix
@ -37,6 +37,9 @@ lib.mkIf config.user.overseer.enable {
    };
    certs = {
      "bar.wanderingcrow.net" = {};
+      "home.wanderingcrow.net" = {};
+      "homebox.wanderingcrow.net" = {};
+      "bookstack.wanderingcrow.net" = {};
    };
  };
 }
--- a/modules/users/overseer/services/bookstack.nix
+++ b/modules/users/overseer/services/bookstack.nix
@ -33,5 +33,9 @@ in
        hostname = "bookstack.wanderingcrow.net";
        database.createLocally = true;
        appKeyFile = config.sops.secrets."bookstack/key".path;
+        nginx = {
+          forceSSL = true;
+          useACMEHost = "bookstack.wanderingcrow.net";
+        };
      };
    }
--- a/modules/users/overseer/services/homebox.nix
+++ b/modules/users/overseer/services/homebox.nix
@ -23,6 +23,8 @@ lib.mkIf config.user.overseer.enable {
      recommendedProxySettings = true;
      virtualHosts = {
        "homebox.wanderingcrow.net" = {
+          forceSSL = true;
+          useACMEHost = "homebox.wanderingcrow.net";
          locations."/" = {
            proxyPass = "http://localhost:7745";
            proxyWebsockets = true;
--- a/modules/users/overseer/services/homepage.nix
+++ b/modules/users/overseer/services/homepage.nix
@ -19,6 +19,8 @@ lib.mkIf config.user.overseer.enable {
    recommendedProxySettings = true;
    virtualHosts = {
      "home.wanderingcrow.net" = {
+        forceSSL = true;
+        useACMEHost = "home.wanderingcrow.net";
        locations."/" = {
          extraConfig = ''
            allow 192.168.0.0/16;