From 8d08c5b7c0d742411672a573f558f266c9279323 Mon Sep 17 00:00:00 2001 From: ibizaman Date: Fri, 17 Nov 2023 22:51:35 -0800 Subject: [PATCH] force ssl for home assistant only if ssl is enabled --- modules/home-assistant.nix | 6 +++--- modules/ldap.nix | 6 +++--- modules/nginx.nix | 6 +++--- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/modules/home-assistant.nix b/modules/home-assistant.nix index 32d5235..7c49545 100644 --- a/modules/home-assistant.nix +++ b/modules/home-assistant.nix @@ -144,10 +144,10 @@ in }; services.nginx.virtualHosts."${fqdn}" = { - forceSSL = true; + forceSSL = lib.mkIf config.shb.ssl.enable true; http2 = true; - sslCertificate = "/var/lib/acme/${cfg.domain}/cert.pem"; - sslCertificateKey = "/var/lib/acme/${cfg.domain}/key.pem"; + sslCertificate = lib.mkIf config.shb.ssl.enable "/var/lib/acme/${cfg.domain}/cert.pem"; + sslCertificateKey = lib.mkIf config.shb.ssl.enable "/var/lib/acme/${cfg.domain}/key.pem"; extraConfig = '' proxy_buffering off; ''; diff --git a/modules/ldap.nix b/modules/ldap.nix index 681ed8b..bc29800 100644 --- a/modules/ldap.nix +++ b/modules/ldap.nix @@ -73,9 +73,9 @@ in enable = true; virtualHosts.${fqdn} = { - forceSSL = true; - sslCertificate = "/var/lib/acme/${cfg.domain}/cert.pem"; - sslCertificateKey = "/var/lib/acme/${cfg.domain}/key.pem"; + forceSSL = lib.mkIf config.shb.ssl.enable true; + sslCertificate = lib.mkIf config.shb.ssl.enable "/var/lib/acme/${cfg.domain}/cert.pem"; + sslCertificateKey = lib.mkIf config.shb.ssl.enable "/var/lib/acme/${cfg.domain}/key.pem"; locations."/" = { extraConfig = '' proxy_set_header Host $host; diff --git a/modules/nginx.nix b/modules/nginx.nix index b9728ab..ff4bde0 100644 --- a/modules/nginx.nix +++ b/modules/nginx.nix @@ -99,9 +99,9 @@ in let vhostCfg = c: { ${fqdn c} = { - forceSSL = true; - sslCertificate = "/var/lib/acme/${c.domain}/cert.pem"; - sslCertificateKey = "/var/lib/acme/${c.domain}/key.pem"; + forceSSL = lib.mkIf config.shb.ssl.enable true; + sslCertificate = lib.mkIf config.shb.ssl.enable "/var/lib/acme/${c.domain}/cert.pem"; + sslCertificateKey = lib.mkIf config.shb.ssl.enable "/var/lib/acme/${c.domain}/key.pem"; # Taken from https://github.com/authelia/authelia/issues/178 locations."/".extraConfig = ''