services: use subdomain for ACME cert

Avoids conflicts now that I have multiple servers sharing the config
2022-06-12 17:18:58 +02:00 · 2022-06-12 17:18:58 +02:00 · 990c035c3b
commit 990c035c3b
parent baa239dc72
13 changed files with 72 additions and 18 deletions
--- a/services/monitoring.nix
+++ b/services/monitoring.nix
@ -13,6 +13,8 @@

  cfg = config.my.services.monitoring;
  domain = config.networking.domain;
+  hostname = config.networking.hostName;
+  fqdn = "${hostname}.${domain}";
 in {
  options.my.services.monitoring = let
    inherit (lib) types;
@ -103,15 +105,17 @@ in {
    };

    services.nginx = {
-      virtualHosts.${config.services.grafana.domain} = {
+      virtualHosts.${cfg.domain} = {
        locations."/" = {
          proxyPass = "http://127.0.0.1:${toString config.services.grafana.port}";
          proxyWebsockets = true;
        };

        forceSSL = true;
-        useACMEHost = domain;
+        useACMEHost = fqdn;
      };
    };
+
+    security.acme.certs.${fqdn}.extraDomainNames = [cfg.domain];
  };
 }