From 97d9eecd3cd173faeb13aa4ac593537b14bec8df Mon Sep 17 00:00:00 2001
From: arcnmx
Date: Wed, 13 Mar 2024 11:34:04 -0700
Subject: [PATCH] chore(idp): clean up ssl config a little
---
 nixos/access/freeipa.nix | 6 ++++++
 systems/hakurei/nixos.nix | 9 +--------
 2 files changed, 7 insertions(+), 8 deletions(-)
diff --git a/nixos/access/freeipa.nix b/nixos/access/freeipa.nix
index 0f38927c..64a5dc35 100644
--- a/nixos/access/freeipa.nix
+++ b/nixos/access/freeipa.nix
@@ -181,13 +181,19 @@ in {
 virtualHosts = {
 ${access.domain} = {
 inherit locations extraConfig;
+ inherit (access) useACMEHost;
+ forceSSL = mkDefault (access.useACMEHost != null);
 };
 ${access.globalDomain} = {
 inherit locations extraConfig;
+ inherit (access) useACMEHost;
+ forceSSL = mkDefault (access.useACMEHost != null || virtualHosts.${access.domain}.forceSSL);
 };
 ${access.caDomain} = {
 locations = caLocations;
 inherit extraConfig;
+ inherit (access) useACMEHost;
+ forceSSL = mkDefault (access.useACMEHost != null || virtualHosts.${access.domain}.forceSSL);
 };
 ${access.localDomain} = {
 inherit (virtualHosts.${access.domain}) useACMEHost;
diff --git a/systems/hakurei/nixos.nix b/systems/hakurei/nixos.nix
index d79ac051..59baf6df 100644
--- a/systems/hakurei/nixos.nix
+++ b/systems/hakurei/nixos.nix
@@ -180,6 +180,7 @@ in {
 useACMEHost = access.unifi.domain;
 };
 access.freeipa = {
+ useACMEHost = access.freeipa.domain;
 host = "idp.local.${config.networking.domain}";
 kerberos.ports.kpasswd = 464;
 };
@@ -197,14 +198,6 @@ in {
 ${access.kanidm.domain} = {
 useACMEHost = access.kanidm.domain;
 };
- ${access.freeipa.domain} = {
- forceSSL = true;
- useACMEHost = access.freeipa.domain;
- };
- ${access.freeipa.caDomain} = {
- forceSSL = true;
- useACMEHost = access.freeipa.domain;
- };
 ${access.freepbx.domain} = {
 local.enable = true;
 };
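Review bot: On `${access.domain}`, `forceSSL = mkDefault (access.useACMEHost != null);` ties the HTTPS redirect to an ACME host being set, so a host that leaves `useACMEHost` at null (presumably the option's default; its declaration is outside this hunk) serves the identity provider's login endpoints over plain HTTP without any evaluation error. Because the module now decides the TLS policy for these vhosts, an `assertions` or `warnings` entry for the case where `forceSSL` ends up false on them would make that state visible instead of silent. Separately, the same default now reaches `${access.caDomain}`: if `caLocations` carries CRL or OCSP paths, confirm that the clients fetching them follow a redirect to HTTPS, since some revocation clients do not. The `virtualHosts` attrset starts and ends outside the hunk.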
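Review bot: Setting `useACMEHost = access.freeipa.domain;` on `access.freeipa` now hands that single certificate to every FreeIPA vhost the module defines, including `${access.globalDomain}`, which the removed host-level entries did not cover. The `security.acme.certs` entry for that name is not visible in this patch, so it is worth confirming that its `extraDomainNames` lists the global, CA and local domains; otherwise the forced HTTPS redirect lands clients on a certificate that does not match the hostname. A short comment next to the new line, such as `# cert must carry globalDomain, caDomain and localDomain as SANs`, would record the dependency. The surrounding attrset begins before the hunk.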