attic: add acme
parent
ea58bfd567
commit
75af9cd046
5 changed files with 48 additions and 1 deletions
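--- a/agenix/hosts/attic/acme/credentials.age
+++ b/agenix/hosts/attic/acme/credentials.age
@@ -0,0 +1,13 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE10R3A2ZyBZWEFs
+RWJpNlRUZ1ZFTWtRajhvU0JieWFBNk50L3hTU1VpYmYzdkw4N3hZCmpadUsvc1g3
+NC84dFJMZklKRm9KRnhMWGZ2TlJTQjlrYnJNL25vN0hwZk0KLT4gc3NoLWVkMjU1
+MTkgc1ZmNkNBIHdsc3N2cXJOQ0NNR293M3J3V2dPNXBDQzhXL2FwYUVSeDFkTmZW
+TEtiVHcKeVVTNFVpYnRHY2I4NnR0WGk5OStITVZKQUhiLzVKdzRMM0V5dzA4TFow
+TQotPiBaRGQvZHYrLWdyZWFzZSAvTTAocTUyCkFBd2I0cTZodUF3SFpZRzdaU1l4
+Q3k3Q3BXZjl5eTM3em5WZ1JCcW5SZmRTWStBMkFxQ3RwV0JXU05ZSE1PbngKTE5H
+cGhPOFp0NjBoVnAyWUdLTVFNclJGM3BhZVdlU1Nnbllib2Y3S0dYSQotLS0gN2xU
+OE1uSXpPMG9YcFkvTVdqZ2dlalA2SFFxSXRZNFNDaVVpMVFoZE13NAq9+hYgo/p8
+DgxCfKSB+2SptR2K6Im1p5wc3MWTqb7pypm3Ag2PSc6AhQDlWmm0/ZVU49ux/lIT
+gpjAaCc0DLo7ata/rBHDpTYUt48O+Ot1pTDkM8k1te0vKoSvXi3DtZC/7w==
+-----END AGE ENCRYPTED FILE-----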
|
@ -4,6 +4,12 @@
|
||||||
file = ./user/danielPassword.age;
|
file = ./user/danielPassword.age;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
acme-credentials = {
|
||||||
|
file = ./acme/credentials.age;
|
||||||
|
owner = "acme";
|
||||||
|
group = "acme";
|
||||||
|
};
|
||||||
|
|
||||||
tailscale-authkey = {
|
tailscale-authkey = {
|
||||||
file = ./tailscale/authkey.age;
|
file = ./tailscale/authkey.age;
|
||||||
};
|
};
|
||||||
|
|
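Review bot: The new `acme-credentials` entry has no comment saying what the decrypted file is expected to contain or how narrowly the DNS credential behind it is scoped, which is the first thing a reader of a DNS-01 setup needs to know. I would add a line such as `# lego env file for the Cloudflare DNS-01 challenge; token should be limited to DNS edit on the one zone` above the attribute, and confirm the token really is zone-scoped, because a broader one lets anyone who can read this file change DNS for every zone on the account. File permissions are left to the agenix default; writing `mode = "0400";` next to `owner` and `group` makes the intended access explicit. The enclosing attribute set starts and ends outside the hunk.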
|
@ -47,6 +47,8 @@ in
|
||||||
# attic
|
# attic
|
||||||
"agenix/hosts/attic/user/danielPassword.age".publicKeys = attic;
|
"agenix/hosts/attic/user/danielPassword.age".publicKeys = attic;
|
||||||
|
|
||||||
|
"agenix/hosts/attic/acme/credentials.age".publicKeys = attic;
|
||||||
|
|
||||||
"agenix/hosts/attic/tailscale/authkey.age".publicKeys = attic;
|
"agenix/hosts/attic/tailscale/authkey.age".publicKeys = attic;
|
||||||
|
|
||||||
"agenix/hosts/attic/atticd/environment.age".publicKeys = attic;
|
"agenix/hosts/attic/atticd/environment.age".publicKeys = attic;
|
||||||
|
|
|
@ -12,6 +12,9 @@ in
|
||||||
|
|
||||||
../nixos/git.nix
|
../nixos/git.nix
|
||||||
|
|
||||||
|
../nixos/acme-attic.nix
|
||||||
|
../nixos/nginx.nix
|
||||||
|
|
||||||
(import ../nixos/atticd.nix (args // { inherit secret; }))
|
(import ../nixos/atticd.nix (args // { inherit secret; }))
|
||||||
|
|
||||||
../nixos/tailscale.nix
|
../nixos/tailscale.nix
|
||||||
|
@ -70,7 +73,7 @@ in
|
||||||
|
|
||||||
networks = {
|
networks = {
|
||||||
"10-wan" = {
|
"10-wan" = {
|
||||||
matchConfig.Name = "eth0";
|
matchConfig.Name = "enp1s0";
|
||||||
networkConfig = {
|
networkConfig = {
|
||||||
DHCP = "ipv4";
|
DHCP = "ipv4";
|
||||||
Address = "2a01:4f8:c0c:fa14::1/64";
|
Address = "2a01:4f8:c0c:fa14::1/64";
|
||||||
|
|
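Review bot: The `matchConfig.Name` line in the `10-wan` block appears to change from `"eth0"` to `"enp1s0"`, which is unrelated to the ACME work named in the commit title and is not explained anywhere. If the name does not match the interface the host actually presents, `10-wan` is never applied and the machine comes up without its DHCP and static IPv6 settings, so this belongs in its own commit or at least under a comment such as `# predictable interface name on this host, was eth0`. The `networks` block continues past the end of the hunk.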
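--- a/system/nixos/acme-attic.nix
+++ b/system/nixos/acme-attic.nix
@@ -0,0 +1,23 @@
+{ config, ... }:
+
+{
+security.acme = {
+acceptTerms = true;
+
+defaults = {
+email = "acme@kempkens.io";
+group = "nginx";
+dnsProvider = "cloudflare";
+credentialsFile = config.age.secrets.acme-credentials.path;
+dnsResolver = "1.1.1.1:53";
+dnsPropagationCheck = true;
+reloadServices = [ "nginx.service" ];
+};
+
+certs = {
+"cache.daniel.sx" = {
+domain = "*.cache.daniel.sx";
+};
+};
+};
+}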
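Review bot: The `cache.daniel.sx` certificate requests only `*.cache.daniel.sx`, and a wildcard does not cover the bare name `cache.daniel.sx` itself. If any nginx virtual host answers on the apex (the vhost definitions are not part of this commit, so this cannot be confirmed from here), clients will see a name mismatch; adding `extraDomainNames = [ "cache.daniel.sx" ];` inside the cert block covers both names. A short comment above `dnsResolver = "1.1.1.1:53";` saying why a fixed public resolver is used for the challenge check would also help the next reader.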