From 82872ee9a2ded85020fb7c3e22fe8264429bda7d Mon Sep 17 00:00:00 2001
From: Kopatz <7265381+Kropatz@users.noreply.github.com>
Date: Fri, 27 Oct 2023 09:51:37 +0200
Subject: [PATCH] add selfsigned cert for nextcloud
---
 test-server/configuration.nix | 1 +
 test-server/modules/nextcloud.nix | 16 ++++++++++++++--
 test-server/secrets/nextcloud-cert.age | Bin 0 -> 1683 bytes
 test-server/secrets/nextcloud-key.age | Bin 0 -> 2131 bytes
 test-server/secrets/secrets.nix | 2 ++
 test-server/secrets/selfsigned-cert.sh | 2 ++
 6 files changed, 19 insertions(+), 2 deletions(-)
 create mode 100644 test-server/secrets/nextcloud-cert.age
 create mode 100644 test-server/secrets/nextcloud-key.age
 create mode 100755 test-server/secrets/selfsigned-cert.sh
diff --git a/test-server/configuration.nix b/test-server/configuration.nix
index d3f7915..ffc7e5b 100644
--- a/test-server/configuration.nix
+++ b/test-server/configuration.nix
@@ -104,6 +104,7 @@ in{
 restic
 hdparm
 wireguard-tools
+ openssl
 # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
 # wget
 ];
diff --git a/test-server/modules/nextcloud.nix b/test-server/modules/nextcloud.nix
index e0354cf..ee0ede4 100644
--- a/test-server/modules/nextcloud.nix
+++ b/test-server/modules/nextcloud.nix
@@ -1,6 +1,17 @@
 { config, pkgs, lib, inputs, ... }:
 {
- # Enable Nginx
+
+ age.secrets.nextcloud-cert = {
+ file = ../secrets/nextcloud-cert.age;
+ owner = "nginx";
+ group = "nginx";
+ };
+ age.secrets.nextcloud-key = {
+ file = ../secrets/nextcloud-key.age;
+ owner = "nginx";
+ group = "nginx";
+ };
+ # Enable Nginx
 services.nginx = {
 enable = true;
 
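Review bot: `age.secrets.nextcloud-cert` encrypts the certificate, which nginx hands to every connecting client anyway, so only `nextcloud-key` needs to be an age secret; keeping the certificate as a plain file would leave one less secret to rekey when recipients change. Neither block sets `mode`, so the key's file permissions depend on the agenix default; writing `mode = "0400";` on `nextcloud-key` would make the intended nginx-only read access explicit. A one-line comment above the two blocks, e.g. `# self-signed TLS pair for the Nextcloud vhost (presumably produced by secrets/selfsigned-cert.sh)`, would record where the files come from.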
@@ -20,13 +31,14 @@ ## Force HTTP redirect to HTTPS #forceSSL = true; #sslTrustedCertificate = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; + sslCertificate = config.age.secrets.nextcloud-cert.path ; + sslCertificateKey = config.age.secrets.nextcloud-key.path ; ## LetsEncrypt #enableACME = true; }; }; }; - age.secrets.nextcloud-admin = { file = ../secrets/nextcloud-admin.age; owner = "nextcloud"; 
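Review bot: The new `sslCertificate` / `sslCertificateKey` lines sit directly under `#forceSSL = true;`, which stays commented out, and the NixOS nginx module only gives a virtual host a TLS listener when `addSSL`, `onlySSL` or `forceSSL` is enabled. Unless one of those is set above the hunk (the virtualHosts block starts outside it), the certificate is never served and Nextcloud credentials still cross the network over plain HTTP. Uncommenting `forceSSL = true;` would put the pair to use and redirect port 80 to HTTPS. As a style point, the space before the semicolon in `...nextcloud-cert.path ;` and `...nextcloud-key.path ;` can be dropped to match the rest of the file.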
diff --git a/test-server/secrets/nextcloud-cert.age b/test-server/secrets/nextcloud-cert.age new file mode 100644 index 0000000000000000000000000000000000000000..b24c888c5be748034b779650be88e4962a33bcc3 GIT binary patch literal 1683 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCTyOmlYjEmug%4h=EM z@iGp#%=a`%OY$zO3U|qH33oHkNGlDlOiDL#4$KG%Eljm659KNe%k=kjiu5kX2zQN4 zHAxPvipUByHp?>zbSZK7@HfaP@lJ~JO7Tv14@I}lGtAf}J5V9eCppB-1sis+_AZ#4@eC)H2F9H#s%m%)>v#Afh5U zEw8XJ+`=+7G^aQ})zYgtG_R^8G8trBW@x&1q>+YhdQoa(aVnR&iMwTRQJ8;Zd7ev^ zVV043j%!4rU!_NqzFAPAews;AXpo_cL55?Ab6F~vuCA^^NpL%d}iaI0DwXCph$_pO<=zeBd)OuSj{?h4N7Zs<)_ntI*KRNQvyVf;sk!LQv zPVd~JCOY@7oK{M?pwo{J^V$z2WRz$r8ohgw%*e9fd*^2L8GQacPK!1=s0%#5{l}oL zubwl0Uf1)W_Gz(|h6!?v3A?w{Psm7ZndS2P*t*E z2B|81u~#d#Ltb1zw|jl;{fjEXjJ;bqw`AC_eQ)*8a^*_}mH8L+-?+GK?-$bjc*-{a z*2+nLf5cqQNU6A}c;DK?FHvEq|IIxI1H>JLWHk5arakLdy+5xY|CF2TbPv_(E=Sh& zeeDVeXY}D)Bi_3|VS~r(DqWMwF|#-hSLN%NZ|C;+n5-<#eX)s)sjxHlQq<+jBEQe- zu@kBvAD!N9u<+V#-v5V0ly7ud)W17n*=&03gox`Uu^t_BW{nF1=|gt%R_o%-ISFDiGkd`H*^KP{8s0D zYM2|UwRdgjX9uSj@6XkWZ~9Uew@A>@?*CN96$d3+_-0IUaZt^1+1Vr&;Ma(uypxvBqlyqbG;%7l3>C8y%HpLOijpMOqp%}XwiTSqkb z%l>TtxuVth(7e56eex_)Hqo|Px&N;1uw)M?Ip-6swD;m8=g`!tAAS46A6`}2^s?~y zg5`~erYya>ZTaKB?cQhi=>B0oqP%*!yG^$El6^1oeJdhQZ~i6BH9`AQscF`PGMA@u zLdz!HT=S82YR{>IZAXnu^0;pQ$Yz_-yf7i&?TyCyt5Y8A5Sj2?Cp3&N~Mmv z8}eV=A@kAg%e6(@&u*Kwe?xof!`~0eVvkQKlKQ_+uYZ4;t5f@>C3_7{PnTD;>hO@B z@q4-2-DT#o{StyE7n-m5?Ver`@ucpfjl+z@JzGQ0&gEcutm`GBT-Sc{$T!~%C0@hY zwe$Y2<~Z|WpUEbl&tcED{`TrnUGQMh_8n*aA3MbxUJj9Wo}Qkkw0YHx7jvKQN&1ld z%VE#XuT6=Kb^K}vyt>7bv>8516>q#}{5j&kXOQrxQ^9eI{&Q@ee&_F-g!=7mU1oIw zueAJT{n>cnsjJoG_+{*evzD!$e_5FIq}E4)l3Lni;}z7*v6KL7F3#M{rrLuX%V3hwm(e0I;Bql(Nj^SHlHJU8>Z z0N4t>bI*Fp6vRue50MAID^k@-!6`Xnt#DL zSC2f-*{gk;&#|@iUj3$~tS*z@x2G1TYi-}9Et}4w=E2dKq3-x>*KaLvn_mlS7oEH( zmV3nO+WpJ`pVnJ)v-&l{R9-ZEeSgV`S6XhpMc&WO za}$Q|drmKwaG6muwXf(zdI4+hIg{GLSC<`ri{3xXzjXPW%+?C_vS1%Yz9WnatL^!| g)R%V2$aP(>IZ~t_r=A`xB>HNP;Xhx^qcRqJ03m}FbN~PV literal 0 HcmV?d00001 
diff --git a/test-server/secrets/nextcloud-key.age b/test-server/secrets/nextcloud-key.age new file mode 100644 index 0000000000000000000000000000000000000000..86b83aa884f07ec636a26a5d10faa1cf5e1289d9 GIT binary patch literal 2131 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCTyOmlYjEm!a@4NdYi zbju74a0$sR2zE8j&W>;?ay2pVFb}gZFmdxLH}Wjas>sN6cI477FY)v?$`5lj3o}U# z4N6L^3@^4Qb1E+kH3)O|GfRvzH_9&dFY+u2OGdZNGtAf}J5a&bBrw=GA}qr#C^9|B zHB8&gBd5&Wztp8NGc7bLv)s@)BFeL@z{tQi%af}z*WD~VSwAQR)nQ%vWc(1 zp<`vXzrR^UuCtGcr2&^~xS6GUAeXMLu7ZU@g@2`QRzO;&xtC*+c|oXYwqcl`bGmm> zlxvW_b7rcUeqy4wPhgT?HkVM>tf`J$SMN^L_`{RvpH%tAY*ol*(e@p8!(PQP5g zQu^td<6g%yK4dJa_>=U%^SqkLe8D60kFi@XXnri)c8BAkggN7^jnR3PA|cKXE^O5Z zxXo+!=X-2>nnCe%wzDU?)E#4Z9|zegM{<11Ketxz`Dc?whmM>~pVyzdJaFA_=^ZN5 zYUBO19zSMWa6`UNDg5tg-=haA$__9uQtEmb_f=P4&FAYg*}EIF{+@R7{Sdyw<3mWZ zCDXB*6ARkaYSt^ryY8Cuu3UX>Opn59)qfYc*so3c%WY&e<=`=Sx7LU^x;EW6jn6Va znB$e0#nU*c)Q?R~u1fXoOo4+MM{nKUZ|y8MUGRr$>+I|Wi(Q^}vbCMw*m9}O;aj-& zUM`;kvAqV*0yo$=K%9GwwF$sBowOCa(`l=zu&oB)2=L!qN}gkonpSc z`N!AN`sv1vcTH>EJmPJpbX?yM_gnw>qo_$ze9Ws)Y0jEB=V(PMD^ID@!-wsXH!Tz7 z8;maseB582+ND05FJ&2{YNy$Yz8T(@SziqNwSG<#`})6MNLO&@fA4M4XVcD9tvQzz zcyPgc<~auQ-qc)pk^j}8_2km2YUieHbl+(i{N(xqjm={f9@T8nw;i&%=XK-#G_A@&3Io6G0uCQnU-ENwRvxt)1?z^vMx~yB-Blz$8 zJw@Nh#N(0Q1b9j}ZxwFoUL;hI_@U*<>DRrlllIumPXCc~*fyZ=hU)KgY`^qQvtNn3 zdA-bEK>yf{8j-_iGV`it^^`C1*t_`9eTON=bJlF;{pS1o>uVi$PhA(CkwMz5dQy%R$yuEc=kE6)!s^^CzT12)walcDYxtdd(qnY46#ct(GXYCs& z^Z5R1u6H^VzxK4q<9P;8PE6l>*Y1b+j4t$OLo#I>bR&85Qmd+zmc5teD~ zDS`JIi?ZVPxMUsvxHTy_=j%H6h7B=m8W^_cI0%=>faHZAqq?fA{e=e5w?t-*?0nrg&)D`ZmQRYmWuo}afPpxY)nIa6xO z$<>W--m;xE7Q5kBXvUrO%cephy#LyVX*;L>atTsDwpw9fX}0Xt=a;KLeg2r;`dpLo z=+}eO9JdMVSa+>8;bH3W?kDFmJacL`DP|nsdGFRvg*R&jjnxaKK5d)&>gJ`tn=(zN z+*&$2^5W}%{8I{_8wOSy1mzhoNln_6!pg!Mw}0wu1wk_pJJU_<+nT<%+)kJ(I$ykI z=EqepC#*UucX