Get basic nginx and acme setup working
This should enable DNS-01 acme for all khs openstack servers, thus removing the pain of setting up acme for those servers. Do note that this might not really be needed that much anymore, as I should be able to hit them over IPv6, but for ease of mind, this will enable ACME trivially, also for non https workloads, as well as servers without open ports. Do note that currently there's a global unifi firewall rule in place to allow port 80 and 443 to my own servers over ipv6, I'd like to remove this and have Nix configure firewall rules for each server individually, as requested in the setup.
This commit is contained in:
parent
365b16c380
commit
c402ada8f7
GPG key ID:
C7D890804F01E9F0
13 changed files with 184 additions and 101 deletions
|
|
@ -232,13 +232,22 @@ unsafe fn execvpe<SA: AsRef<CStr>, SEK: AsRef<OsStr>, SEV: AsRef<OsStr>>(
|
|||
args: &[SA],
|
||||
environ: &[(SEK, SEV)],
|
||||
) -> anyhow::Result<Infallible> {
|
||||
let environ: Vec<_> = environ
|
||||
let environ = environ
|
||||
.iter()
|
||||
.map(|(k, v)| {
|
||||
CString::new(Format!("{k}={v}"))
|
||||
.with_context(|| format!("Environment variable {k} contains null bytes"))?
|
||||
CString::new(format!(
|
||||
"{k}={v}",
|
||||
k = k.as_ref().display(),
|
||||
v = v.as_ref().display()
|
||||
))
|
||||
.with_context(|| {
|
||||
format!(
|
||||
"Environment variable {k} contains null bytes",
|
||||
k = k.as_ref().display()
|
||||
)
|
||||
})
|
||||
})
|
||||
.collect();
|
||||
.collect::<anyhow::Result<Vec<CString>>>()?;
|
||||
Ok(nix::unistd::execvpe(filename, args, &environ)?)
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue