sail: wip acme
This commit is contained in:
parent
ea0338519d
commit
fa9530f333
SSH key fingerprint:
SHA256:Ks/MyhQYcPRQiwMKLAKquWCdCPe3JXlb1WttgnAoSeM
6 changed files with 45 additions and 2 deletions
14
agenix/hosts/sail/acme/credentials.age
Normal file
14
agenix/hosts/sail/acme/credentials.age
Normal file
|
|
@ -0,0 +1,14 @@
|
|||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE10R3A2ZyBDa08x
|
||||
ZG5Vb2tJQVBubUladFk2T0wzSll2QW1TbG5wRWw4emZmUmpITkZNCjRkeTRPZnUy
|
||||
TjZ4VUZlTnRGdUxxdW8xQ29pempXdHVoRnpzUEJ5b0M4MEkKLT4gc3NoLWVkMjU1
|
||||
MTkgTmJWNGh3IEJVOWtXRFNzdEk3NkhocWtyb3JYekJ6MEFNN2dDM2N4cXlaL1Rr
|
||||
YkdFRjgKM2VNTFNQTWdqbE9VanJVL3FmeWQ4c0ZuOThaVWlRdDlnTmFMeEJYU0lG
|
||||
OAotPiBEQTZTa0d+PC1ncmVhc2UgMSB7a3QvKUxTOCBJM344Vj5ZCndISGdYVTI4
|
||||
ZG5ja3FNUTlYeTlEczBiSXdySVNHVEo1SElvdHZ1ZnZ0eWhCZmlKclo3VWpJSlox
|
||||
b0ZtSkk1VXYKMDF3cTFGNXVwMnd1Zm1pVnptY3VjRExHT2t1RklwQlEycEN4T1Jj
|
||||
U25zdlNTYmcKLS0tIFZUcGZrTUtTT3djZ3d0VU05aDdFcDk1Tm9KN3NTMnl3alh3
|
||||
QWlLN3BaNWMKFSyXplcynqnH04rkNdl+7Deq0sUTr32SvZJsYTWaqGK2x6BT3tYY
|
||||
C9qbNY7N0kG8XAtWFUvIdlhOTQPgouiyBc94OtUioJgqx/j8+85REXqjiio1Emkj
|
||||
7EPYwRgeatQl4CA=
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
|
|
@ -1,5 +1,11 @@
|
|||
{
|
||||
age.secrets = {
|
||||
acme-credentials = {
|
||||
file = ./acme/credentials.age;
|
||||
owner = "acme";
|
||||
group = "acme";
|
||||
};
|
||||
|
||||
cloudflared-environment = {
|
||||
file = ./cloudflared/environment.age;
|
||||
owner = "cloudflared";
|
||||
|
|
|
|||
|
|
@ -116,8 +116,8 @@ rec {
|
|||
src = pkgs.fetchFromGitHub {
|
||||
owner = "nvim-treesitter";
|
||||
repo = "nvim-treesitter";
|
||||
rev = "3731cf1c0c70287568d26f190849c68a46c21297";
|
||||
sha256 = "0n44iknqkaghy68gvdg5a3gvx9pplvnnxka427x69b8r6v3xgjzz";
|
||||
rev = "d11dd552dbde181cd49652188521f4b5f6cad2f8";
|
||||
sha256 = "12a5zrflzrlgmagiyp82s5c2x551v9vsypvmb0c04qbya4y1vaiz";
|
||||
fetchSubmodules = false;
|
||||
};
|
||||
});
|
||||
|
|
|
|||
|
|
@ -7,6 +7,8 @@ let
|
|||
in
|
||||
{
|
||||
# sail
|
||||
"agenix/hosts/sail/acme/credentials.age".publicKeys = sail;
|
||||
|
||||
"agenix/hosts/sail/cloudflared/environment.age".publicKeys = sail;
|
||||
|
||||
"agenix/hosts/sail/mastodon/databasePassword.age".publicKeys = sail;
|
||||
|
|
|
|||
|
|
@ -16,6 +16,8 @@ in
|
|||
|
||||
../nixos/cloudflared.nix
|
||||
|
||||
../nixos/acme-sail.nix
|
||||
|
||||
../nixos/atuin-sync.nix
|
||||
|
||||
../nixos/anonymous-overflow.nix
|
||||
|
|
|
|||
19
system/nixos/acme-sail.nix
Normal file
19
system/nixos/acme-sail.nix
Normal file
|
|
@ -0,0 +1,19 @@
|
|||
{ config, ... }:
|
||||
|
||||
{
|
||||
security.acme = {
|
||||
acceptTerms = true;
|
||||
email = "acme@kempkens.io";
|
||||
|
||||
defaults = {
|
||||
dnsProvider = "cloudflare";
|
||||
credentialsFile = config.age.secrets.acme-credentials.path;
|
||||
dnsResolver = "1.1.1.1:53";
|
||||
dnsPropagationCheck = true;
|
||||
};
|
||||
|
||||
"daniel.sx" = {
|
||||
domain = "*.daniel.sx";
|
||||
};
|
||||
};
|
||||
}
|
||||
Loading…
Reference in a new issue