extend withWww to philippeterson.com and coldairnetworks.com; drop fbksdigital

- philippeterson.com and coldairnetworks.com now use withWww, fixing the same
  www.* cert-mismatch problem that affected pdxdestiny.com
- fbksdigital.com vhost removed (disabled for now)
- ACME cyclic dependency list updated accordingly

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Philip Peterson 2026-05-28 15:47:02 -08:00
parent 2624efbde8
commit 6e15ad142d
2 changed files with 67 additions and 105 deletions

View file

@ -375,15 +375,15 @@ in {
systemd.services.nginx.after = lib.mkForce [ systemd.services.nginx.after = lib.mkForce [
"network.target" "network.target"
"acme-selfsigned-coldairnetworks.com.service" "acme-selfsigned-coldairnetworks.com.service"
"acme-selfsigned-fbksdigital.com.service" "acme-selfsigned-www.coldairnetworks.com.service"
"acme-selfsigned-forge.quinefoundation.com.service" "acme-selfsigned-forge.quinefoundation.com.service"
"acme-selfsigned-hyper.quineglobal.com.service" "acme-selfsigned-hyper.quineglobal.com.service"
"acme-selfsigned-pdxdestiny.com.service" "acme-selfsigned-pdxdestiny.com.service"
"acme-selfsigned-www.pdxdestiny.com.service" "acme-selfsigned-www.pdxdestiny.com.service"
"acme-selfsigned-philippeterson.com.service" "acme-selfsigned-philippeterson.com.service"
"acme-selfsigned-www.philippeterson.com.service"
"acme-selfsigned-riverside.coldairnetworks.com.service" "acme-selfsigned-riverside.coldairnetworks.com.service"
"acme-selfsigned-vnc.quinefoundation.com.service" "acme-selfsigned-vnc.quinefoundation.com.service"
"acme-selfsigned-webdav.philippeterson.com.service" "acme-selfsigned-webdav.philippeterson.com.service"
"acme-selfsigned-www.philippeterson.com.service"
]; ];
} }

View file

@ -41,109 +41,6 @@
}; };
"fbksdigital.com" = {
enableACME = true; # Enable Let's Encrypt certificate for HTTPS
forceSSL = false; # Redirect HTTP to HTTPS?
addSSL = true;
root = "/dev/null";
locations."/" = {
extraConfig = ''
return 301 http://fbksdigital.lpages.co/fbksdigital/;
'';
};
};
"www.philippeterson.com" = {
enableACME = true;
forceSSL = false;
addSSL = true;
locations."/" = {
extraConfig = ''
return 301 https://philippeterson.com$request_uri;
'';
};
};
"philippeterson.com" = {
enableACME = true;
forceSSL = false;
addSSL = true;
root = "/etc/pullomatic/com_philippeterson";
locations."~ /.git(/.*)$ " = {
extraConfig = ''
deny all;
return 404;
'';
};
locations."/games/atcsim" = {
extraConfig = ''
return 301 /games/atcsim/;
'';
};
locations."~ ^/games/atcsim(/[^/\\s]*)*$" = {
extraConfig = ''
index index.html index.htm;
rewrite ^/games/atcsim/?$ "/index.html" break;
rewrite ^/games/atcsim(?<query>(/[^/\\s]*)*)$ "$query" break;
root /etc/pullomatic/atcsim;
'';
};
locations."/portfolio" = {
extraConfig = ''
return 301 /portfolio/;
'';
};
locations."~ ^/portfolio/" = {
extraConfig = ''
index index.html index.htm;
rewrite ^/portfolio/?$ "/index.html" break;
rewrite ^/portfolio(?<query>(/[^/\\s]*)*)$ "$query" break;
root /etc/pullomatic/my-portfolio;
'';
};
locations."~ ^/echo(?<query>((/[^/\\s]*)*))$" = {
extraConfig = ''
add_header Content-Type text/plain;
return 200 "$query";
'';
};
locations."/" = {
extraConfig = ''
try_files $uri $uri.php $uri/ =404;
index index.php index.html index.htm;
rewrite ^/contact$ /contact.php last;
rewrite ^/resume$ /resume.php last;
'';
};
locations."~ \.php$" = {
extraConfig = ''
include ${pkgs.nginx}/conf/fastcgi.conf;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:${config.services.phpfpm.pools.main.socket};
'';
};
};
"coldairnetworks.com" = {
enableACME = true;
forceSSL = false;
addSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:3012/";
};
};
"blog.quineglobal.com" = { "blog.quineglobal.com" = {
enableACME = false; enableACME = false;
@ -271,6 +168,71 @@
forceSSL = false; forceSSL = false;
addSSL = true; addSSL = true;
root = pdxDestinyRoot; root = pdxDestinyRoot;
}) // (withWww "philippeterson.com" {
enableACME = true;
forceSSL = false;
addSSL = true;
root = "/etc/pullomatic/com_philippeterson";
locations."~ /.git(/.*)$ " = {
extraConfig = ''
deny all;
return 404;
'';
};
locations."/games/atcsim" = {
extraConfig = ''
return 301 /games/atcsim/;
'';
};
locations."~ ^/games/atcsim(/[^/\\s]*)*$" = {
extraConfig = ''
index index.html index.htm;
rewrite ^/games/atcsim/?$ "/index.html" break;
rewrite ^/games/atcsim(?<query>(/[^/\\s]*)*)$ "$query" break;
root /etc/pullomatic/atcsim;
'';
};
locations."/portfolio" = {
extraConfig = ''
return 301 /portfolio/;
'';
};
locations."~ ^/portfolio/" = {
extraConfig = ''
index index.html index.htm;
rewrite ^/portfolio/?$ "/index.html" break;
rewrite ^/portfolio(?<query>(/[^/\\s]*)*)$ "$query" break;
root /etc/pullomatic/my-portfolio;
'';
};
locations."~ ^/echo(?<query>((/[^/\\s]*)*))$" = {
extraConfig = ''
add_header Content-Type text/plain;
return 200 "$query";
'';
};
locations."/" = {
extraConfig = ''
try_files $uri $uri.php $uri/ =404;
index index.php index.html index.htm;
rewrite ^/contact$ /contact.php last;
rewrite ^/resume$ /resume.php last;
'';
};
locations."~ \.php$" = {
extraConfig = ''
include ${pkgs.nginx}/conf/fastcgi.conf;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:${config.services.phpfpm.pools.main.socket};
'';
};
}) // (withWww "coldairnetworks.com" {
enableACME = true;
forceSSL = false;
addSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:3012/";
};
}); });
# Optionally configure additional options # Optionally configure additional options