add media to ssl cert

2025-10-09 21:54:06 -05:00 · 2025-10-09 21:54:06 -05:00 · 160be6071e
commit 160be6071e
parent 24f6484496
5 changed files with 45 additions and 67 deletions
--- a/hosts/h001/nginx.nix
+++ b/hosts/h001/nginx.nix
@ -1,4 +1,5 @@
 {
+  config,
  ...
 }:
 let
@ -8,8 +9,21 @@ let
  };
 in
 {
-  security.acme.acceptTerms = true;
-  security.acme.defaults.email = "admin@joshuabell.xyz";
+  # TODO transfer these to o001 to use same certs?
+  security.acme = {
+    acceptTerms = true;
+    defaults.email = "admin@joshuabell.xyz";
+    certs."joshuabell.xyz" = {
+      domain = "joshuabell.xyz";
+      extraDomainNames = [ "*.joshuabell.xyz" ];
+      credentialFiles = {
+        LINODE_TOKEN_FILE = config.age.secrets.linode_rw_domains.path;
+      };
+      dnsProvider = "linode";
+      group = "nginx";
+    };
+  };
+
  services.nginx = {
    enable = true;
    recommendedGzipSettings = true;
@ -45,6 +59,14 @@ in
          "/" = homarr;
        };
      };
+
+      "_" = {
+        rejectSSL = true;
+        default = true;
+        locations."/" = {
+          return = "444"; # 404 for not found or 444 for drop
+        };
+      };
    };
  };
 }