NixOS has a module for configuring the Molly Brown Gemini server. It is available in nixos-unstable (as of some point before nixos-20.09).
The Nix configuration for serving this gemlog is roughly as follows:
```
{ config, ... }:
let
  fqdn = "gemini.spam.works";
in
{
  # 80 and 443 for nginx, plus the port Molly Brown listens on
  networking.firewall.allowedTCPPorts = [ 80 443 config.services.molly-brown.settings.Port ];

  services.molly-brown = {
    enable = true;
    hostName = fqdn;
    # Reuse the certificate and key that ACME obtains for the nginx virtual host
    certPath = "/var/lib/acme/${fqdn}/cert.pem";
    keyPath = "/var/lib/acme/${fqdn}/key.pem";
    docBase = "/srv/gemini";
  };

  services.nginx = {
    enable = true;
    virtualHosts.${fqdn} = {
      enableACME = true;
      # Send HTTP visitors to the Gemini capsule
      locations."/".return = "301 gemini://" + fqdn;
    };
  };

  # Make the key group-readable and add that group to the Molly Brown unit
  security.acme.certs.${fqdn}.allowKeysForGroup = true;
  systemd.services.molly-brown.serviceConfig.SupplementaryGroups = [ config.security.acme.certs.${fqdn}.group ];
}
```
The trick to getting TLS to work is to instantiate an nginx virtual host that Let's Encrypt can reach, and then reuse the certificate it obtains for Molly Brown.
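
Because the private key is shared with Molly Brown through group permissions, it is worth checking that the key is group-readable but closed to every other local user. The following is an added example, not part of the original post; the function name check_key_perms and its return codes are hypothetical, and it assumes GNU coreutils stat.

```sh
#!/bin/sh
# Added example (not from the original page): audit the mode of a TLS private
# key that is shared with a service through group membership.
# Assumes GNU coreutils stat (-c '%a'), as found on NixOS.
#
# Return codes: 0 = ok
#               1 = some permission bit is set for "other"
#               2 = group cannot read (the service could not load the key)
#               3 = file missing or stat failed
check_key_perms() {
    ckp_key=$1
    if [ ! -f "$ckp_key" ]; then
        echo "FAIL: $ckp_key does not exist"
        return 3
    fi
    ckp_mode=$(stat -c '%a' "$ckp_key") || return 3
    # %a prints the octal permission digits, e.g. 640; take the last two.
    ckp_other=$(( ckp_mode % 10 ))
    ckp_group=$(( (ckp_mode / 10) % 10 ))
    if [ "$ckp_other" -ne 0 ]; then
        echo "FAIL: $ckp_key (mode $ckp_mode) is accessible to every local user"
        return 1
    fi
    if [ $(( ckp_group & 4 )) -eq 0 ]; then
        echo "FAIL: $ckp_key (mode $ckp_mode) is not group-readable"
        return 2
    fi
    echo "OK: $ckp_key (mode $ckp_mode), group $(stat -c '%G' "$ckp_key")"
    return 0
}

# Usage: sh check-key.sh /var/lib/acme/gemini.spam.works/key.pem
if [ "$#" -gt 0 ]; then
    check_key_perms "$1"
fi
```

The group actually handed to the unit can be confirmed separately with systemctl show -p SupplementaryGroups molly-brown.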