From fa9530f33310013dc24246561b8766dd950fd328 Mon Sep 17 00:00:00 2001
From: Daniel Kempkens
Date: Sun, 5 Mar 2023 23:02:49 +0100
Subject: [PATCH] sail: wip acme
---
 agenix/hosts/sail/acme/credentials.age | 14 ++++++++++++++
 agenix/hosts/sail/config.nix | 6 ++++++
 home/programs/nvim/plugins.nix | 4 ++--
 secrets.nix | 2 ++
 system/hosts/sail.nix | 2 ++
 system/nixos/acme-sail.nix | 19 +++++++++++++++++++
 6 files changed, 45 insertions(+), 2 deletions(-)
 create mode 100644 agenix/hosts/sail/acme/credentials.age
 create mode 100644 system/nixos/acme-sail.nix
diff --git a/agenix/hosts/sail/acme/credentials.age b/agenix/hosts/sail/acme/credentials.age
new file mode 100644
index 0000000..751ecfb
--- /dev/null
+++ b/agenix/hosts/sail/acme/credentials.age
@@ -0,0 +1,14 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE10R3A2ZyBDa08x
+ZG5Vb2tJQVBubUladFk2T0wzSll2QW1TbG5wRWw4emZmUmpITkZNCjRkeTRPZnUy
+TjZ4VUZlTnRGdUxxdW8xQ29pempXdHVoRnpzUEJ5b0M4MEkKLT4gc3NoLWVkMjU1
+MTkgTmJWNGh3IEJVOWtXRFNzdEk3NkhocWtyb3JYekJ6MEFNN2dDM2N4cXlaL1Rr
+YkdFRjgKM2VNTFNQTWdqbE9VanJVL3FmeWQ4c0ZuOThaVWlRdDlnTmFMeEJYU0lG
+OAotPiBEQTZTa0d+PC1ncmVhc2UgMSB7a3QvKUxTOCBJM344Vj5ZCndISGdYVTI4
+ZG5ja3FNUTlYeTlEczBiSXdySVNHVEo1SElvdHZ1ZnZ0eWhCZmlKclo3VWpJSlox
+b0ZtSkk1VXYKMDF3cTFGNXVwMnd1Zm1pVnptY3VjRExHT2t1RklwQlEycEN4T1Jj
+U25zdlNTYmcKLS0tIFZUcGZrTUtTT3djZ3d0VU05aDdFcDk1Tm9KN3NTMnl3alh3
+QWlLN3BaNWMKFSyXplcynqnH04rkNdl+7Deq0sUTr32SvZJsYTWaqGK2x6BT3tYY
+C9qbNY7N0kG8XAtWFUvIdlhOTQPgouiyBc94OtUioJgqx/j8+85REXqjiio1Emkj
+7EPYwRgeatQl4CA=
+-----END AGE ENCRYPTED FILE-----
diff --git a/agenix/hosts/sail/config.nix b/agenix/hosts/sail/config.nix
index 0f9c2c7..bcb895e 100644
--- a/agenix/hosts/sail/config.nix
+++ b/agenix/hosts/sail/config.nix
@@ -1,5 +1,11 @@
 {
 age.secrets = {
+ acme-credentials = {
+ file = ./acme/credentials.age;
+ owner = "acme";
+ group = "acme";
+ };
+
 cloudflared-environment = {
 file = ./cloudflared/environment.age;
 owner = "cloudflared";
diff --git a/home/programs/nvim/plugins.nix b/home/programs/nvim/plugins.nix index ec55a43..8a09ec3 100644 --- a/home/programs/nvim/plugins.nix +++ b/home/programs/nvim/plugins.nix @@ -116,8 +116,8 @@ rec { src = pkgs.fetchFromGitHub { owner = "nvim-treesitter"; repo = "nvim-treesitter"; - rev = "3731cf1c0c70287568d26f190849c68a46c21297"; - sha256 = "0n44iknqkaghy68gvdg5a3gvx9pplvnnxka427x69b8r6v3xgjzz"; + rev = "d11dd552dbde181cd49652188521f4b5f6cad2f8"; + sha256 = "12a5zrflzrlgmagiyp82s5c2x551v9vsypvmb0c04qbya4y1vaiz"; fetchSubmodules = false; }; }); diff --git a/secrets.nix b/secrets.nix index 9f2615d..0b776d9 100644 --- a/secrets.nix +++ b/secrets.nix @@ -7,6 +7,8 @@ let in { # sail + "agenix/hosts/sail/acme/credentials.age".publicKeys = sail; + "agenix/hosts/sail/cloudflared/environment.age".publicKeys = sail; "agenix/hosts/sail/mastodon/databasePassword.age".publicKeys = sail; diff --git a/system/hosts/sail.nix b/system/hosts/sail.nix index 7075458..f6417e9 100644 --- a/system/hosts/sail.nix +++ b/system/hosts/sail.nix @@ -16,6 +16,8 @@ in ../nixos/cloudflared.nix + ../nixos/acme-sail.nix + ../nixos/atuin-sync.nix ../nixos/anonymous-overflow.nix diff --git a/system/nixos/acme-sail.nix b/system/nixos/acme-sail.nix new file mode 100644 index 0000000..f683c99 --- /dev/null +++ b/system/nixos/acme-sail.nix @@ -0,0 +1,19 @@ +{ config, ... }: + +{ + security.acme = { + acceptTerms = true; + email = "acme@kempkens.io"; + + defaults = { + dnsProvider = "cloudflare"; + credentialsFile = config.age.secrets.acme-credentials.path; + dnsResolver = "1.1.1.1:53"; + dnsPropagationCheck = true; + }; + + "daniel.sx" = { + domain = "*.daniel.sx"; + }; + }; +}
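Review bot: In the new system/nixos/acme-sail.nix the `"daniel.sx"` attribute sits directly under `security.acme`, but the NixOS module declares certificates under `security.acme.certs`, so as written evaluation should fail with an unknown-option error and no certificate is requested; the entry should read `certs."daniel.sx" = { domain = "*.daniel.sx"; };`. `email` is also set at the top level, which newer NixOS releases appear to expect as `defaults.email`, so it is worth moving it into the `defaults` block while this is still WIP. Because the referenced credential can satisfy DNS-01 for a wildcard name, the token inside credentials.age (not visible here) should be a Cloudflare API token limited to DNS edit on the daniel.sx zone, supplied as `CF_DNS_API_TOKEN`, rather than a global API key. A one-line comment above `credentialsFile` stating that expected scope would document the assumption for the next maintainer.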