add live harbor cfg

2025-04-05 02:22:32 +02:00
parent fb8682b0b0
commit 7a3bb5cc82
3 changed files with 36 additions and 15 deletions
--- a/modules/services/nextcloud-instance.nix
+++ b/modules/services/nextcloud-instance.nix
@@ -65,17 +65,34 @@ in {
      };
    };

-    # SSL setup
-    services.nginx.virtualHosts.${cfg.instanceFQDN} = lib.mkIf cfg.ssl {
-      forceSSL = true;
-      enableACME = true;
+    # Fallback server with only 403
+    services.nginx.virtualHosts.${config.networking.domain} = lib.mkDefault {
+      default = true;
+      locations."/".return = 403;
+      forceSSL = cfg.ssl;
+      enableACME = cfg.ssl;
    };
+
+    # Webserver setup with optional SSL
+    services.nginx.virtualHosts.${cfg.instanceFQDN} =
+      if cfg.ssl
+      then {
+        forceSSL = true;
+        enableACME = true;
+      }
+      else {
+        listen = [
+          {
+            addr = "0.0.0.0";
+            port = 80;
+          }
+        ];
+      };
    security.acme = lib.mkIf cfg.ssl {
      acceptTerms = true;
-      certs = {
-        ${cfg.instanceFQDN}.email = "jonas.roeger+acme@gmail.com";
-      };
+      defaults.email = "jonas.roeger+acme@gmail.com";
    };
+    networking.firewall.allowedTCPPorts = [80] ++ lib.optional cfg.ssl 443;

    # DB setup
    services.postgresql = {