diff options
| author | Thomas Vanbesien <tvanbesi@proton.me> | 2026-06-04 17:25:34 +0200 |
|---|---|---|
| committer | Thomas Vanbesien <tvanbesi@proton.me> | 2026-06-04 17:25:34 +0200 |
| commit | f87b35613f82e66b3854747ef6952dedc0674213 (patch) | |
| tree | 0ae4244105e89a47d967a0ca1cab24c6f01e3819 /services | |
| parent | 8511f9d5c5d37f66239b571cf2a2b19c97705edf (diff) | |
| download | net_services-f87b35613f82e66b3854747ef6952dedc0674213.tar.gz net_services-f87b35613f82e66b3854747ef6952dedc0674213.zip | |
misc: add git user setup, move TLS folder, nginx don't use cmd.bash
Diffstat (limited to 'services')
5 files changed, 10 insertions, 21 deletions
diff --git a/services/nginx/fs/etc/nginx/templates/default.conf.template b/services/nginx/fs/etc/nginx/templates/default.conf.template index f90b61a..e35cc41 100644 --- a/services/nginx/fs/etc/nginx/templates/default.conf.template +++ b/services/nginx/fs/etc/nginx/templates/default.conf.template @@ -20,8 +20,8 @@ server { server_name ${NGINX__HOST} www.${NGINX__HOST}; - ssl_certificate /run/secrets/server.crt; - ssl_certificate_key /run/secrets/server.key; + ssl_certificate /etc/certs/server.crt; + ssl_certificate_key /etc/certs/server.key; location / { root /srv; @@ -34,8 +34,8 @@ server { server_name _; - ssl_certificate /run/secrets/server.crt; - ssl_certificate_key /run/secrets/server.key; + ssl_certificate /etc/certs/server.crt; + ssl_certificate_key /etc/certs/server.key; return 444; } diff --git a/services/nginx/fs/etc/nginx/templates/services/cgit.conf.template b/services/nginx/fs/etc/nginx/templates/services/cgit.conf.template index c0fa070..4abcee9 100644 --- a/services/nginx/fs/etc/nginx/templates/services/cgit.conf.template +++ b/services/nginx/fs/etc/nginx/templates/services/cgit.conf.template @@ -4,8 +4,8 @@ server { server_name git.${NGINX__HOST}; - ssl_certificate /run/secrets/server.crt; - ssl_certificate_key /run/secrets/server.key; + ssl_certificate /etc/certs/server.crt; + ssl_certificate_key /etc/certs/server.key; location / { proxy_pass http://cgit:80; diff --git a/services/nginx/fs/etc/nginx/templates/services/radicale.conf.template b/services/nginx/fs/etc/nginx/templates/services/radicale.conf.template index d6e4617..d0fd944 100644 --- a/services/nginx/fs/etc/nginx/templates/services/radicale.conf.template +++ b/services/nginx/fs/etc/nginx/templates/services/radicale.conf.template @@ -4,8 +4,8 @@ server { server_name dav.${NGINX__HOST}; - ssl_certificate /run/secrets/server.crt; - ssl_certificate_key /run/secrets/server.key; + ssl_certificate /etc/certs/server.crt; + ssl_certificate_key /etc/certs/server.key; location / { proxy_pass http://radicale:5232; diff --git a/services/nginx/fs/etc/nginx/templates/services/syncthing.conf.template b/services/nginx/fs/etc/nginx/templates/services/syncthing.conf.template index 31c90bb..1060588 100644 --- a/services/nginx/fs/etc/nginx/templates/services/syncthing.conf.template +++ b/services/nginx/fs/etc/nginx/templates/services/syncthing.conf.template @@ -4,8 +4,8 @@ server { server_name sync.${NGINX__HOST}; - ssl_certificate /run/secrets/server.crt; - ssl_certificate_key /run/secrets/server.key; + ssl_certificate /etc/certs/server.crt; + ssl_certificate_key /etc/certs/server.key; location / { proxy_pass http://syncthing:8384; diff --git a/services/nginx/fs/sbin/cmd.bash b/services/nginx/fs/sbin/cmd.bash deleted file mode 100755 index e024b4f..0000000 --- a/services/nginx/fs/sbin/cmd.bash +++ /dev/null @@ -1,11 +0,0 @@ -#!/usr/bin/bash -set -eu - -# Install sensitive data in tmpfs -install --mode 400 /run/host_secrets/server.crt /run/secrets/server.crt -install --mode 400 /run/host_secrets/server.key /run/secrets/server.key - -# We have to run the entrypoint again -# Because if the first positional parameter is not "nginx" or "nginx-debug" the scripts in /docker-entrypoint.d are not ran. -# https://github.com/nginx/docker-nginx/blob/master/stable/debian/docker-entrypoint.sh -exec /docker-entrypoint.sh nginx -g "daemon off;" |