2 Oct 2024 |
m1cr0man | Hi folks. I have two PRs up for the test suite if anyone would like to review them :) https://github.com/NixOS/nixpkgs/pull/346023 https://github.com/NixOS/nixpkgs/pull/250260 | 22:59:06 |
m1cr0man | Finally added a note to the 24.11 feature freeze tracking, no blockers that I'm aware of. I did see https://github.com/NixOS/nixpkgs/issues/344684 also and I'm in agreement that the fix needs to be upstream - or at least we try that first. | 23:07:20 |
3 Oct 2024 |
hexa | thanks for consistently improving the acme infrastructure over the years 🙂 | 23:53:10 |
hexa | it is really one of the fun parts of using nixos | 23:53:32 |
18 Oct 2024 |
osnyx (he/him) | Hi, it's me again with some weird edge cases in the acme management outcomes. Today: adding or removing acme-enabled vhosts in nginx causes the service to be restarted 😬 | 19:11:07 |
19 Oct 2024 |
Sandro 🐧 | In reply to @os:matrix.flyingcircus.io: "Hi, it's me again with some weird edge cases in the acme management outcomes. Today: adding or removing acme-enabled vhosts in nginx causes the service to be restarted 😬"
fun fact: reloading nginx a bunch when using quic spits out error messages about ebpf requiring a restart 🫠 | 02:31:02 |
Rayan Nakib (ريان نقيب) | Hello, I am trying to set up my homelab using NixOS, but I am facing some problems with using my domain to access my services, and adding SSL certs to my services.
This is my setup:

  sops.secrets."MacBook-Pro-8-1/cloudflare-credentials" = {};
  security.acme = {
    acceptTerms = true;
    defaults.email = "nakibrayan@disroot.org";
    certs = {
      "transmission.homelab.nakibrayan.com" = {
        dnsProvider = "cloudflare";
        environmentFile = config.sops.secrets."MacBook-Pro-8-1/cloudflare-credentials".path;
        webroot = null;
      };
    };
  };
  services.nginx = {
    enable = true;
    recommendedTlsSettings = true;
    recommendedOptimisation = true;
    recommendedProxySettings = false;
    recommendedGzipSettings = true;
    recommendedZstdSettings = false;
    recommendedBrotliSettings = false;
  };

  {config, ...}: {
    environment.persistence."/persistent".directories = ["/var/lib/transmission"];
    services.nginx.virtualHosts."transmission.homelab.nakibrayan.com" = {
      enableACME = true;
      locations."/".proxyPass = "http://127.0.0.1:9091";
    };
    services.transmission = {
      enable = true;
      openRPCPort = true;
      settings = {
        rpc-bind-address = "0.0.0.0";
        rpc-whitelist = "127.0.0.1,192.168.*.*";
      };
    };
  }

But I can't access my services through https://transmission.homelab.nakibrayan.com
| 08:20:00 |
Rayan Nakib (ريان نقيب) | [Image attachment: 20241019_085330.png] | 08:20:14 |
Rayan Nakib (ريان نقيب) | This ☝️ is my DNS setup | 08:20:23 |
Rayan Nakib (ريان نقيب) | And when I don't set webroot = null; in ACME config, I get this error:
error:
┃ Failed assertions:
┃ - Exactly one of the options
┃ `security.acme.certs.transmission.homelab.nakibrayan.com.dnsProvider`,
┃ `security.acme.certs.transmission.homelab.nakibrayan.com.webroot`,
┃ `security.acme.certs.transmission.homelab.nakibrayan.com.listenHTTP` and
┃ `security.acme.certs.transmission.homelab.nakibrayan.com.s3Bucket`
┃ is required.
┃ Current values: {
┃ dnsProvider = "cloudflare";
┃ listenHTTP = null;
┃ s3Bucket = null;
┃ webroot = "/var/lib/acme/acme-challenge";
| 08:23:14 |
Rayan Nakib (ريان نقيب) | how can I get a wildcard cert for *.domain.duckdns.org | 15:41:40 |
Rayan Nakib (ريان نقيب) | and use it in my reverse proxy? | 15:41:47 |
K900 | You can't | 15:46:57 |
K900 | Unless DuckDNS provides arbitrary TXT records | 15:47:04 |
K900 | The only way to get a wildcard ACME cert is a DNS challenge, which requires adding a TXT record to the domain root | 15:47:19 |
Rayan Nakib (ريان نقيب) | https://www.youtube.com/watch?v=qlcVx-k-02E&pp=ygUVd29sZmdhbmdzIGNoYW5lbGwgc3Ns | 15:48:27 |
Rayan Nakib (ريان نقيب) | In this ☝️ video, the YouTuber did it using nginx proxy manager, and without adding any TXT records. | 15:48:51 |
K900 | They're using Cloudflare for DNS | 15:51:02 |
K900 | Not DuckDNS | 15:51:07 |
Rayan Nakib (ريان نقيب) | no, they used DuckDNS | 15:51:26 |