1
0
Fork 0

sail: wip acme

This commit is contained in:
Daniel Kempkens 2023-03-05 23:02:49 +01:00
parent ea0338519d
commit fa9530f333
Signed by: daniel
SSH key fingerprint: SHA256:Ks/MyhQYcPRQiwMKLAKquWCdCPe3JXlb1WttgnAoSeM
6 changed files with 45 additions and 2 deletions

View file

@ -0,0 +1,14 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE10R3A2ZyBDa08x
ZG5Vb2tJQVBubUladFk2T0wzSll2QW1TbG5wRWw4emZmUmpITkZNCjRkeTRPZnUy
TjZ4VUZlTnRGdUxxdW8xQ29pempXdHVoRnpzUEJ5b0M4MEkKLT4gc3NoLWVkMjU1
MTkgTmJWNGh3IEJVOWtXRFNzdEk3NkhocWtyb3JYekJ6MEFNN2dDM2N4cXlaL1Rr
YkdFRjgKM2VNTFNQTWdqbE9VanJVL3FmeWQ4c0ZuOThaVWlRdDlnTmFMeEJYU0lG
OAotPiBEQTZTa0d+PC1ncmVhc2UgMSB7a3QvKUxTOCBJM344Vj5ZCndISGdYVTI4
ZG5ja3FNUTlYeTlEczBiSXdySVNHVEo1SElvdHZ1ZnZ0eWhCZmlKclo3VWpJSlox
b0ZtSkk1VXYKMDF3cTFGNXVwMnd1Zm1pVnptY3VjRExHT2t1RklwQlEycEN4T1Jj
U25zdlNTYmcKLS0tIFZUcGZrTUtTT3djZ3d0VU05aDdFcDk1Tm9KN3NTMnl3alh3
QWlLN3BaNWMKFSyXplcynqnH04rkNdl+7Deq0sUTr32SvZJsYTWaqGK2x6BT3tYY
C9qbNY7N0kG8XAtWFUvIdlhOTQPgouiyBc94OtUioJgqx/j8+85REXqjiio1Emkj
7EPYwRgeatQl4CA=
-----END AGE ENCRYPTED FILE-----

View file

@ -1,5 +1,11 @@
{ {
age.secrets = { age.secrets = {
acme-credentials = {
file = ./acme/credentials.age;
owner = "acme";
group = "acme";
};
cloudflared-environment = { cloudflared-environment = {
file = ./cloudflared/environment.age; file = ./cloudflared/environment.age;
owner = "cloudflared"; owner = "cloudflared";

View file

@ -116,8 +116,8 @@ rec {
src = pkgs.fetchFromGitHub { src = pkgs.fetchFromGitHub {
owner = "nvim-treesitter"; owner = "nvim-treesitter";
repo = "nvim-treesitter"; repo = "nvim-treesitter";
rev = "3731cf1c0c70287568d26f190849c68a46c21297"; rev = "d11dd552dbde181cd49652188521f4b5f6cad2f8";
sha256 = "0n44iknqkaghy68gvdg5a3gvx9pplvnnxka427x69b8r6v3xgjzz"; sha256 = "12a5zrflzrlgmagiyp82s5c2x551v9vsypvmb0c04qbya4y1vaiz";
fetchSubmodules = false; fetchSubmodules = false;
}; };
}); });

View file

@ -7,6 +7,8 @@ let
in in
{ {
# sail # sail
"agenix/hosts/sail/acme/credentials.age".publicKeys = sail;
"agenix/hosts/sail/cloudflared/environment.age".publicKeys = sail; "agenix/hosts/sail/cloudflared/environment.age".publicKeys = sail;
"agenix/hosts/sail/mastodon/databasePassword.age".publicKeys = sail; "agenix/hosts/sail/mastodon/databasePassword.age".publicKeys = sail;

View file

@ -16,6 +16,8 @@ in
../nixos/cloudflared.nix ../nixos/cloudflared.nix
../nixos/acme-sail.nix
../nixos/atuin-sync.nix ../nixos/atuin-sync.nix
../nixos/anonymous-overflow.nix ../nixos/anonymous-overflow.nix

View file

@ -0,0 +1,19 @@
{ config, ... }:
{
security.acme = {
acceptTerms = true;
email = "acme@kempkens.io";
defaults = {
dnsProvider = "cloudflare";
credentialsFile = config.age.secrets.acme-credentials.path;
dnsResolver = "1.1.1.1:53";
dnsPropagationCheck = true;
};
"daniel.sx" = {
domain = "*.daniel.sx";
};
};
}