Add internal CA
All checks were successful
Run nix flake check / flake-check (push) Successful in 3m31s
All checks were successful
Run nix flake check / flake-check (push) Successful in 3m31s
This commit is contained in:
parent
d16a35acb4
commit
5844e7b32b
SSH Key Fingerprint:
SHA256:KjAds8wHfD2mBYK2H815s/+ABcSdcIHUndwHEdSxml4
@ -3,33 +3,37 @@
|
||||
services.caddy = {
|
||||
enable = true;
|
||||
configFile = pkgs.writeText "Caddyfile" ''
|
||||
http://nzbget.home.2rjus.net {
|
||||
{
|
||||
acme_ca https://ca.home.2rjus.net/acme/acme/directory
|
||||
}
|
||||
|
||||
nzbget.home.2rjus.net {
|
||||
log {
|
||||
output file /var/log/caddy/nzbget.log
|
||||
}
|
||||
reverse_proxy http://nzbget-jail.home.2rjus.net:6789
|
||||
}
|
||||
|
||||
http://radarr.home.2rjus.net {
|
||||
radarr.home.2rjus.net {
|
||||
log {
|
||||
output file /var/log/caddy/radarr.log
|
||||
}
|
||||
reverse_proxy http://radarr-jail.home.2rjus.net:7878
|
||||
}
|
||||
|
||||
http://sonarr.home.2rjus.net {
|
||||
sonarr.home.2rjus.net {
|
||||
log {
|
||||
output file /var/log/caddy/sonarr.log
|
||||
}
|
||||
reverse_proxy http://sonarr-jail.home.2rjus.net:8989
|
||||
}
|
||||
http://ha.home.2rjus.net {
|
||||
ha.home.2rjus.net {
|
||||
log {
|
||||
output file /var/log/caddy/ha.log
|
||||
}
|
||||
reverse_proxy http://ha1.home.2rjus.net:8123
|
||||
}
|
||||
http://z2m.home.2rjus.net {
|
||||
z2m.home.2rjus.net {
|
||||
log {
|
||||
output file /var/log/caddy/z2m.log
|
||||
}
|
||||
|
||||
@ -4,6 +4,7 @@
|
||||
./monitoring.nix
|
||||
./packages.nix
|
||||
./root-user.nix
|
||||
./root-ca.nix
|
||||
./sops.nix
|
||||
./sshd.nix
|
||||
./weekly-rebuild.nix
|
||||
|
||||
12
system/root-ca.crt
Normal file
12
system/root-ca.crt
Normal file
@ -0,0 +1,12 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIBxDCCAWmgAwIBAgIQQCSzuOLIKLj1dGbC+NFttjAKBggqhkjOPQQDAjBAMRow
|
||||
GAYDVQQKExFob21lLjJyanVzLm5ldCBDQTEiMCAGA1UEAxMZaG9tZS4ycmp1cy5u
|
||||
ZXQgQ0EgUm9vdCBDQTAeFw0yNDEwMjEwOTEyNDRaFw0zNDEwMTkwOTEyNDRaMEAx
|
||||
GjAYBgNVBAoTEWhvbWUuMnJqdXMubmV0IENBMSIwIAYDVQQDExlob21lLjJyanVz
|
||||
Lm5ldCBDQSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEGDE4ss9y
|
||||
9msphQ/Sa/tAoEaGoDHQcg5oRcxWL5SZYjUPNl+zbRZzqkvCz2S1XrHJPiPWbyJX
|
||||
cZAlPxbwZrWDyKNFMEMwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8C
|
||||
AQEwHQYDVR0OBBYEFPZx6AahX5diBMChZbv5N4dh+vCTMAoGCCqGSM49BAMCA0kA
|
||||
MEYCIQC6yqMM9/s1Dct5jlq0NAGsDA68hVTDcO3RP61lxQlfBwIhAL1jlmIwaSJc
|
||||
TjdIMjPQ3ombBRqDJBDvDr8o6oOUjret
|
||||
-----END CERTIFICATE-----
|
||||
9
system/root-ca.nix
Normal file
9
system/root-ca.nix
Normal file
@ -0,0 +1,9 @@
|
||||
{ pkgs, ... }:
|
||||
{
|
||||
security.pki = {
|
||||
certificateFiles = [
|
||||
"${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
|
||||
./root-ca.crt
|
||||
];
|
||||
};
|
||||
}
|
||||
Loading…
Reference in New Issue
Block a user