Refactored how SSL certs are configured for nginx

Made a separate ACME module to handle requesting certs from multiple machines. Right now, the module only supports exactly one wildcard cert. It might make sense to have cache.kilonull.com use a cert specific to its subdomain rather than also requesting a wildcard cert (or maybe the nginx on its host shouldn't care about TLS and it should be node's responsibility).
2023-07-16 10:53:02 -07:00 · 2023-07-16 10:53:02 -07:00 · d5969ca923
commit d5969ca923
parent 60917107b1
9 changed files with 128 additions and 41 deletions
--- a/modules/nix/default.nix
+++ b/modules/nix/default.nix
@ -7,7 +7,7 @@
 }:
 with lib; let
  cfg = config.aa.nix;
-  selfHostedCacheHost = "http://192.168.113.69/";
+  selfHostedCacheHost = "https://cache.kilonull.com/";
 in {
  options.aa.nix = with types; {
    enable = mkEnableOption "manage nix configuration.";