feat: step ca for nextcloud

DACHXY 2025-04-26 21:09:10 +08:00
parent b655f6ad4e
commit d6e8e23d3b
7 changed files with 110 additions and 45 deletions


@ -1,30 +1,8 @@
{
config,
lib,
...
}:
{
services.nginx = {
enable = true;
virtualHosts = {
${config.services.nextcloud.hostName} = {
listen = lib.mkForce [
{
addr = "0.0.0.0";
port = 443;
ssl = true;
}
];
forceSSL = true;
sslCertificate = "/var/lib/acme/net.dn.crt";
sslCertificateKey = "/var/lib/acme/net.dn.key";
sslTrustedCertificate = "/var/lib/acme/net.dn.crt";
extraConfig = ''
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers 'TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384';
ssl_prefer_server_ciphers on;
'';
};
};
};
}