attic: add acme
parent
ea58bfd567
commit
75af9cd046
5 changed files with 48 additions and 1 deletions
13
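--- /dev/null
+++ b/agenix/hosts/attic/acme/credentials.age
@@ -0,0 +1,13 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE10R3A2ZyBZWEFs
+RWJpNlRUZ1ZFTWtRajhvU0JieWFBNk50L3hTU1VpYmYzdkw4N3hZCmpadUsvc1g3
+NC84dFJMZklKRm9KRnhMWGZ2TlJTQjlrYnJNL25vN0hwZk0KLT4gc3NoLWVkMjU1
+MTkgc1ZmNkNBIHdsc3N2cXJOQ0NNR293M3J3V2dPNXBDQzhXL2FwYUVSeDFkTmZW
+TEtiVHcKeVVTNFVpYnRHY2I4NnR0WGk5OStITVZKQUhiLzVKdzRMM0V5dzA4TFow
+TQotPiBaRGQvZHYrLWdyZWFzZSAvTTAocTUyCkFBd2I0cTZodUF3SFpZRzdaU1l4
+Q3k3Q3BXZjl5eTM3em5WZ1JCcW5SZmRTWStBMkFxQ3RwV0JXU05ZSE1PbngKTE5H
+cGhPOFp0NjBoVnAyWUdLTVFNclJGM3BhZVdlU1Nnbllib2Y3S0dYSQotLS0gN2xU
+OE1uSXpPMG9YcFkvTVdqZ2dlalA2SFFxSXRZNFNDaVVpMVFoZE13NAq9+hYgo/p8
+DgxCfKSB+2SptR2K6Im1p5wc3MWTqb7pypm3Ag2PSc6AhQDlWmm0/ZVU49ux/lIT
+gpjAaCc0DLo7ata/rBHDpTYUt48O+Ot1pTDkM8k1te0vKoSvXi3DtZC/7w==
+-----END AGE ENCRYPTED FILE-----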
|
@ -4,6 +4,12 @@
|
|||
file = ./user/danielPassword.age;
|
||||
};
|
||||
|
||||
acme-credentials = {
|
||||
file = ./acme/credentials.age;
|
||||
owner = "acme";
|
||||
group = "acme";
|
||||
};
|
||||
|
||||
tailscale-authkey = {
|
||||
file = ./tailscale/authkey.age;
|
||||
};
|
||||
|
|
|
@ -47,6 +47,8 @@ in
|
|||
# attic
|
||||
"agenix/hosts/attic/user/danielPassword.age".publicKeys = attic;
|
||||
|
||||
"agenix/hosts/attic/acme/credentials.age".publicKeys = attic;
|
||||
|
||||
"agenix/hosts/attic/tailscale/authkey.age".publicKeys = attic;
|
||||
|
||||
"agenix/hosts/attic/atticd/environment.age".publicKeys = attic;
|
||||
|
|
|
@ -12,6 +12,9 @@ in
|
|||
|
||||
../nixos/git.nix
|
||||
|
||||
../nixos/acme-attic.nix
|
||||
../nixos/nginx.nix
|
||||
|
||||
(import ../nixos/atticd.nix (args // { inherit secret; }))
|
||||
|
||||
../nixos/tailscale.nix
|
||||
|
@ -70,7 +73,7 @@ in
|
|||
|
||||
networks = {
|
||||
"10-wan" = {
|
||||
matchConfig.Name = "eth0";
|
||||
matchConfig.Name = "enp1s0";
|
||||
networkConfig = {
|
||||
DHCP = "ipv4";
|
||||
Address = "2a01:4f8:c0c:fa14::1/64";
|
||||
|
|
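Review bot: The `matchConfig.Name` line in the `10-wan` network appears twice on this page, as `"eth0"` and as `"enp1s0"` (presumably old, then new), and that interface rename is unrelated to the ACME setup the commit title describes. If the name does not match the real interface, the host loses both its DHCP lease and the static IPv6 address, so the change deserves its own commit and a short comment such as `# interface name as reported on the attic host`. The enclosing `networks` block starts and ends outside the hunk.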
23
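--- /dev/null
+++ b/system/nixos/acme-attic.nix
@@ -0,0 +1,23 @@
+{ config, ... }:
+
+{
+security.acme = {
+acceptTerms = true;
+
+defaults = {
+email = "acme@kempkens.io";
+group = "nginx";
+dnsProvider = "cloudflare";
+credentialsFile = config.age.secrets.acme-credentials.path;
+dnsResolver = "1.1.1.1:53";
+dnsPropagationCheck = true;
+reloadServices = [ "nginx.service" ];
+};
+
+certs = {
+"cache.daniel.sx" = {
+domain = "*.cache.daniel.sx";
+};
+};
+};
+}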
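Review bot: The `credentialsFile` line in `defaults` hands lego whatever Cloudflare credential the age secret contains, and nothing in this file records what scope that credential is expected to have. A DNS-01 wildcard only needs a zone-scoped API token (`CLOUDFLARE_DNS_API_TOKEN` with DNS edit on the one zone); a global API key in that file would let anyone who compromises this host rewrite every record in the account. I would add a comment above the line such as `# expects CLOUDFLARE_DNS_API_TOKEN, scoped to DNS edit on the zone for cache.daniel.sx only`. Separately, `domain = "*.cache.daniel.sx"` does not cover the bare `cache.daniel.sx`, so if nginx also serves that name, add `extraDomainNames = [ "cache.daniel.sx" ];` to the cert.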