1
0
Fork 0

attic: add acme

This commit is contained in:
Daniel Kempkens 2023-04-04 22:05:11 +02:00
parent ea58bfd567
commit 75af9cd046
Signed by: daniel
SSH key fingerprint: SHA256:Ks/MyhQYcPRQiwMKLAKquWCdCPe3JXlb1WttgnAoSeM
5 changed files with 48 additions and 1 deletions

View file

@ -0,0 +1,13 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE10R3A2ZyBZWEFs
RWJpNlRUZ1ZFTWtRajhvU0JieWFBNk50L3hTU1VpYmYzdkw4N3hZCmpadUsvc1g3
NC84dFJMZklKRm9KRnhMWGZ2TlJTQjlrYnJNL25vN0hwZk0KLT4gc3NoLWVkMjU1
MTkgc1ZmNkNBIHdsc3N2cXJOQ0NNR293M3J3V2dPNXBDQzhXL2FwYUVSeDFkTmZW
TEtiVHcKeVVTNFVpYnRHY2I4NnR0WGk5OStITVZKQUhiLzVKdzRMM0V5dzA4TFow
TQotPiBaRGQvZHYrLWdyZWFzZSAvTTAocTUyCkFBd2I0cTZodUF3SFpZRzdaU1l4
Q3k3Q3BXZjl5eTM3em5WZ1JCcW5SZmRTWStBMkFxQ3RwV0JXU05ZSE1PbngKTE5H
cGhPOFp0NjBoVnAyWUdLTVFNclJGM3BhZVdlU1Nnbllib2Y3S0dYSQotLS0gN2xU
OE1uSXpPMG9YcFkvTVdqZ2dlalA2SFFxSXRZNFNDaVVpMVFoZE13NAq9+hYgo/p8
DgxCfKSB+2SptR2K6Im1p5wc3MWTqb7pypm3Ag2PSc6AhQDlWmm0/ZVU49ux/lIT
gpjAaCc0DLo7ata/rBHDpTYUt48O+Ot1pTDkM8k1te0vKoSvXi3DtZC/7w==
-----END AGE ENCRYPTED FILE-----

View file

@ -4,6 +4,12 @@
file = ./user/danielPassword.age; file = ./user/danielPassword.age;
}; };
acme-credentials = {
file = ./acme/credentials.age;
owner = "acme";
group = "acme";
};
tailscale-authkey = { tailscale-authkey = {
file = ./tailscale/authkey.age; file = ./tailscale/authkey.age;
}; };

View file

@ -47,6 +47,8 @@ in
# attic # attic
"agenix/hosts/attic/user/danielPassword.age".publicKeys = attic; "agenix/hosts/attic/user/danielPassword.age".publicKeys = attic;
"agenix/hosts/attic/acme/credentials.age".publicKeys = attic;
"agenix/hosts/attic/tailscale/authkey.age".publicKeys = attic; "agenix/hosts/attic/tailscale/authkey.age".publicKeys = attic;
"agenix/hosts/attic/atticd/environment.age".publicKeys = attic; "agenix/hosts/attic/atticd/environment.age".publicKeys = attic;

View file

@ -12,6 +12,9 @@ in
../nixos/git.nix ../nixos/git.nix
../nixos/acme-attic.nix
../nixos/nginx.nix
(import ../nixos/atticd.nix (args // { inherit secret; })) (import ../nixos/atticd.nix (args // { inherit secret; }))
../nixos/tailscale.nix ../nixos/tailscale.nix
@ -70,7 +73,7 @@ in
networks = { networks = {
"10-wan" = { "10-wan" = {
matchConfig.Name = "eth0"; matchConfig.Name = "enp1s0";
networkConfig = { networkConfig = {
DHCP = "ipv4"; DHCP = "ipv4";
Address = "2a01:4f8:c0c:fa14::1/64"; Address = "2a01:4f8:c0c:fa14::1/64";

View file

@ -0,0 +1,23 @@
{ config, ... }:
{
security.acme = {
acceptTerms = true;
defaults = {
email = "acme@kempkens.io";
group = "nginx";
dnsProvider = "cloudflare";
credentialsFile = config.age.secrets.acme-credentials.path;
dnsResolver = "1.1.1.1:53";
dnsPropagationCheck = true;
reloadServices = [ "nginx.service" ];
};
certs = {
"cache.daniel.sx" = {
domain = "*.cache.daniel.sx";
};
};
};
}