317 current 2025-10-11 19:17:32 25.05.20251006.20c4598 6.12.50 *

2025-10-11 19:35:09 -05:00
parent 9bfae91d90
commit c9840ed29e
3 changed files with 29 additions and 9 deletions
--- a/modules/homelab/services/nginx-proxy/default.nix
+++ b/modules/homelab/services/nginx-proxy/default.nix
@@ -2,6 +2,7 @@

 let
  cfg = config.modules.homelab.nginx-proxy;
+  homelab = config.modules.homelab
 in
 {
  options.modules.homelab.nginx-proxy = {
@@ -21,6 +22,17 @@ in
      defaults.email = "me@blakedheld.xyz";
    };

+    # static entries
+    services.nginx.virtualHosts."key.${homelab.public_domain}" = {
+      forceSSL = true;
+      sslCertificate = sec."ssl_blakedheld_crt".path;
+      sslCertificateKey = sec."ssl_blakedheld_key".path;
+      locations."/" = {
+        root = "/etc/webroot_keys";
+        index = "klefki_pub.asc";
+      };
+    };
+
    # nginx secrets
    sops.secrets = {
      "ssl_blakedheld_crt" = {
@@ -32,6 +44,12 @@ in
      "ssl_blakedheld_key" = {
        owner = "nginx";
        group = "nginx";
+#        neededForUsers = true;
+      };
+      "klefki_pubkey.asc" = {
+        owner = "nginx";
+        group = "nginx";
+        path = "/etc/webroot_keys/klefki_pub.asc";
 #        neededForUsers = true;
      };
    };