!MthpOIxqJhTgrMNxDS:nixos.org

NixOS ACME / LetsEncrypt

93 Members
Another day, another cert renewal
43 Servers


Sender Message Time
3 Jul 2024
@sandro:supersandro.de Sandro 🐧 Darwin will always fail. Can be ignored here 08:41:46
@sandro:supersandro.de Sandro 🐧 Merged 08:43:17
4 Jul 2024
@philiptaron:matrix.org Philip Taron (UTC-8) joined the room. 15:56:07
@soispha:vhack.eu Benedikt changed their display name from Soispha to Benedikt. 19:11:20
16 Jul 2024
@alex3829:matrix.org @alex3829:matrix.org left the room. 23:17:05
23 Jul 2024
@ezzobirbezziou:matrix.org Ezzobir Bezziou joined the room. 08:22:45
24 Jul 2024
@redstone-menace:matrix.org Redstone changed their display name from redstone-menace to Redstone. 10:15:25
2 Aug 2024
@emilazy:matrix.org emily the https://github.com/NixOS/nixpkgs/pull/322331 merge will block the channel 08:28:21
@emilazy:matrix.org emily I will revert soon if nobody beats me to it 08:28:28
@k900:0upti.me K900 Aaaaand it did 09:07:27
@k900:0upti.me K900 https://hydra.nixos.org/build/268359229/nixlog/8/tail 09:07:28
@emilazy:matrix.org emily sorry for being too slow ^^; 09:22:19
@emilazy:matrix.org emily not sure why that was merged. I guess I should have removed my approval when the test failures came up 09:22:27
@arianvp:matrix.org Arian Redacted or Malformed Event 12:27:01
@arianvp:matrix.org Arian Redacted or Malformed Event 12:27:10
6 Sep 2024
@tdjordan:matrix.org Thom Jordan joined the room. 18:23:56
16 Sep 2024
@silentlurker:matrix.org silentlurker joined the room. 20:00:44
17 Sep 2024
@tomherbers:matrix.org Tom (deprecated) joined the room. 21:10:33
1 Oct 2024
@-_o:matrix.org -_o joined the room. 21:00:27
2 Oct 2024
@m1cr0man:m1cr0man.com m1cr0man Hi folks. I have two PRs up for the test suite if anyone would like to review them :) https://github.com/NixOS/nixpkgs/pull/346023 https://github.com/NixOS/nixpkgs/pull/250260 22:59:06
@m1cr0man:m1cr0man.com m1cr0man Finally added a note to the 24.11 feature freeze tracking, no blockers that I'm aware of. I did see https://github.com/NixOS/nixpkgs/issues/344684 also and was I'm in agreement that the fix needs to be upstream - or at least we try that first. 23:07:20
@m1cr0man:m1cr0man.com m1cr0man * Finally added a note to the 24.11 feature freeze tracking, no blockers that I'm aware of. I did see https://github.com/NixOS/nixpkgs/issues/344684 also and I'm in agreement that the fix needs to be upstream - or at least we try that first. 23:07:34
3 Oct 2024
@hexa:lossy.network hexa thanks for consistently improving the acme infrastructure over the years 🙂 23:53:10
@hexa:lossy.network hexa it is really one of the fun parts of using nixos 23:53:32
7 Oct 2024
@lehmanator:tchncs.de Sam Lehman changed their profile picture. 14:24:48
18 Oct 2024
@sammy:cherrykitten.dev @sammy:cherrykitten.dev left the room. 08:37:39
@os:matrix.flyingcircus.io osnyx (he/him) Hi, it's me again with some weird edge cases in the acme management outcomes. Today: adding or removing acme-enabled vhosts in nginx causes the service to be restarted 😬 19:11:07
19 Oct 2024
@sandro:supersandro.de Sandro 🐧
In reply to @os:matrix.flyingcircus.io
Hi, it's me again with some weird edge cases in the acme management outcomes. Today: adding or removing acme-enabled vhosts in nginx causes the service to be restarted 😬
fun fact: reloading nginx a bunch when using quic spits out error messages about ebpf requiring a restart 🫠
02:31:02
@nakibrayan:matrix.im Rayan Nakib (ريان نقيب) joined the room. 08:15:42
@nakibrayan:matrix.im Rayan Nakib (ريان نقيب)

Hello, I am trying to set up my homelab using NixOS, but I am facing some problems with using my domain to access my services, and adding SSL certs to my services.

This is my setup:

sops.secrets."MacBook-Pro-8-1/cloudflare-credentials" = {};
security.acme = {
  acceptTerms = true;
  defaults.email = "nakibrayan@disroot.org";
  certs = {
    "transmission.homelab.nakibrayan.com" = {
      dnsProvider = "cloudflare";
      environmentFile = config.sops.secrets."MacBook-Pro-8-1/cloudflare-credentials".path;
      webroot = null;
    };
  };
};

services.nginx = {
  enable = true;
  recommendedTlsSettings = true;
  recommendedOptimisation = true;
  recommendedProxySettings = false;
  recommendedGzipSettings = true;
  recommendedZstdSettings = false;
  recommendedBrotliSettings = false;
};

{config, ...}: {
  environment.persistence."/persistent".directories = ["/var/lib/transmission"];

  services.nginx.virtualHosts."transmission.homelab.nakibrayan.com" = {
    enableACME = true;
    locations."/".proxyPass = "http://127.0.0.1:9091";
  };

  services.transmission = {
    enable = true;
    openRPCPort = true;
    settings = {
      rpc-bind-address = "0.0.0.0";
      rpc-whitelist = "127.0.0.1,192.168.*.*";
    };
  };
}

But I can't access my services through https://transmission.homelab.nakibrayan.com

08:20:00

Room Version: 6