feat: fix qemu onto hetzner and fix mailserver

This commit is contained in:
Jet Pham 2026-02-20 02:46:08 -08:00
parent d800c6a180
commit afd3360582
No known key found for this signature in database
5 changed files with 77 additions and 13 deletions


@ -3,10 +3,18 @@
{
services.caddy = {
enable = true;
email = "postmaster@extremist.software";
virtualHosts = {
"extremist.software" = {
useACMEHost = "extremist.software";
extraConfig = ''
respond "Hi"
handle /.well-known/acme-challenge/* {
root * /var/lib/acme/acme-challenge
file_server
}
handle {
respond "Hi"
}
'';
};
@ -17,10 +25,15 @@
};
"mail.extremist.software" = {
# Stalwart handles its own certs usually, or we can proxy UI here
# Stalwart UI is usually on 8080
useACMEHost = "extremist.software";
extraConfig = ''
reverse_proxy localhost:8080
handle /.well-known/acme-challenge/* {
root * /var/lib/acme/acme-challenge
file_server
}
handle {
reverse_proxy localhost:8080
}
'';
};
@ -45,5 +58,20 @@
};
};
# Configure ACME to fetch Let's Encrypt certificates so they can be shared with other services like Stalwart
security.acme = {
acceptTerms = true;
defaults.email = "postmaster@extremist.software";
defaults.server = "https://acme-v02.api.letsencrypt.org/directory";
certs."extremist.software" = {
webroot = "/var/lib/acme/acme-challenge";
extraDomainNames = [ "mail.extremist.software" ];
group = "acme";
};
};
# Ensure Caddy can read the certs too now that they are in the acme group
users.users.caddy.extraGroups = [ "acme" ];
networking.firewall.allowedTCPPorts = [ 80 443 ];
}
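Review bot: The new `security.acme` block is documented as sharing the certificate with Stalwart, but within this file only Caddy is given access (`users.users.caddy.extraGroups = [ "acme" ]`) and nothing reloads a consumer after renewal, so unless one of the other four changed files does it, Stalwart will keep serving the old key material until it is restarted; adding `reloadServices = [ "stalwart-mail.service" ];` inside `certs."extremist.software"` (and putting the Stalwart user in the `acme` group, since `group = "acme"` is what makes `key.pem` readable) closes that gap. The same applies to Caddy itself if the NixOS caddy module does not already wire `useACMEHost` certs to a reload. In the first hunk, the bare `respond "Hi"` directly under `extraConfig` appears to remain on the new side (the hunk counts admit no deletions), which leaves a top-level directive shadowed by the `handle {}` fallback — drop it so only the two `handle` blocks define the routing. Note also that the `mail.extremist.software` vhost now exposes the Stalwart UI on `localhost:8080` to the public Internet behind nothing but Stalwart's own login; a `remote_ip` matcher or an allowlist in front of that `reverse_proxy` would limit the exposed surface.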