chore(web-servers): switch to staging letsencrypt

2025-06-13 02:03:58 +08:00 · 2025-06-13 02:03:58 +08:00 · 1912666242
commit 1912666242
parent 17dc383a97
3 changed files with 4 additions and 11 deletions
--- a/modules/nixos/server/web-servers/default.nix
+++ b/modules/nixos/server/web-servers/default.nix
@ -14,10 +14,10 @@ in
        acceptTerms = true;
        defaults = {
          inherit (config.system.mainUser) email;
+          #TODO: switch back to production environment
+          server = "https://acme-staging-v02.api.letsencrypt.org/directory";
          dnsProvider = "cloudflare";
-          credentialFiles = {
-            "CLOUDFLARE_DNS_API_TOKEN_FILE" = config.sops.secrets."keys/cloudflare".path;
-          };
+          credentialFiles."CLOUDFLARE_DNS_API_TOKEN_FILE" = config.sops.secrets."keys/cloudflare".path;
        };
      };
    })
--- a/modules/nixos/server/web-servers/nginx/default.nix
+++ b/modules/nixos/server/web-servers/nginx/default.nix
@ -52,18 +52,10 @@ in
            extraConfig = lib.mkOption {
              type = attrs;
              default = { };
-              description = "Will be added to locations.\"/\"";
            };
          };
        });
      default = [ ];
-      example = [
-        {
-          source = "chat.bwfiq.com";
-          target = "http://helios:3080";
-          extraConfig = { };
-        }
-      ];
    };
  };

--- a/systems/x86_64-linux/apollo/default.nix
+++ b/systems/x86_64-linux/apollo/default.nix
@ -32,6 +32,7 @@
      mattermost.url = "mm.bwfiq.com";
    };
    web-servers = {
+      enableSSL = true;
      nginx = {
        enable = true;
        proxies = [