diff --git a/agenix-config-module.nix b/agenix-config-module.nix new file mode 100644 index 0000000..4c5251b --- /dev/null +++ b/agenix-config-module.nix @@ -0,0 +1,4 @@ +{ + age.secrets.samsehu_NFSN_API_KEY.file = ./secrets/samsehu_NFSN_API_KEY.age; + age.secrets.samsehu_NFSN_LOGIN.file = ./secrets/samsehu_NFSN_LOGIN.age; +} diff --git a/configuration.nix b/configuration.nix index c4886c9..59079ae 100644 --- a/configuration.nix +++ b/configuration.nix @@ -127,6 +127,20 @@ }; }; + # ACME client service for configuring SSL certificate + security.acme = { + acceptTerms = true; + defaults.email = "fresh.car0178@geemili.xyz"; + certs."samsehu.perli.casa" = { + domain = "samsehu.perli.casa"; + dnsProvider = "nearlyfreespeech"; + credentialFiles = { + "NEARLYFREESPECH_API_KEY" = config.age.secrets.samsehu_NFSN_API_KEY.path; + "NEARLYFREESPECH_LOGIN" = config.age.secrets.samsehu_NFSN_LOGIN.path; + }; + }; + }; + # Enable automatic upgrades system.autoUpgrade.enable = true; system.autoUpgrade.allowReboot = true; diff --git a/flake.nix b/flake.nix index dba0ea6..2256a83 100644 --- a/flake.nix +++ b/flake.nix @@ -11,6 +11,7 @@ nixosConfigurations.samsehu = nixpkgs.lib.nixosSystem { system = "x86_64-linux"; modules = [ + ./agenix-config-module.nix ./configuration.nix agenix.nixosModules.default ]; diff --git a/secrets/samsehu_NFSN_API_KEY.age b/secrets/samsehu_NFSN_API_KEY.age new file mode 100644 index 0000000..bf7594d --- /dev/null +++ b/secrets/samsehu_NFSN_API_KEY.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 yXNDbw fIJwXjhuKTVLjQXxRAzkcXQR5sIrfbNYlyDJHeQjDgE +/zdUzjnkojy5zTynh2dh3YAowIzBc630tsJnsRC9fJA +-> ssh-ed25519 BTX+xA 1xfWcwHEzRm+pAYtjsimUelhjPzX2ftXCqTT8ZC5Ai4 +ev6pWXEMB/5r5lvGIXnwb/5Y+y+KtF+82kXQsW27L8Q +--- TmO1kU6MHMyRRScZ4JFs67Dt8PNeuT900kEZFgB/+hM +/g`އWU=#ɬޠ>}b~xE]ܴ' $[ \ No newline at end of file diff --git a/secrets/samsehu_NFSN_LOGIN.age b/secrets/samsehu_NFSN_LOGIN.age new file mode 100644 index 0000000..e3a8c93 --- /dev/null 
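Review bot: In the configuration.nix hunk the `credentialFiles` keys are spelled `NEARLYFREESPECH_…`, one E short of the `nearlyfreespeech` provider named in `dnsProvider` just above, and they carry no `_FILE` suffix, so lego will most likely never receive these credentials and DNS-01 issuance for `samsehu.perli.casa` would fail. As far as I know the NixOS ACME module only accepts `credentialFiles` names ending in `_FILE` and hands the paths to the service as systemd credentials, so only a path, not the agenix-decrypted secret, appears in the unit's environment. I would write the two entries as `"NEARLYFREESPEECH_API_KEY_FILE" = config.age.secrets.samsehu_NFSN_API_KEY.path;` and `"NEARLYFREESPEECH_LOGIN_FILE" = config.age.secrets.samsehu_NFSN_LOGIN.path;`. The enclosing attribute set starts and ends outside the hunk, so whether `config` is in scope there should be confirmed against the full file.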
+++ b/secrets/samsehu_NFSN_LOGIN.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 yXNDbw 62eQ1z2NUFkXLhNo7Cu++sLJC544LuGO9pF78eDqyBA +FDhNUIerQRbCAK4YWjRw7pws2m7ohalSy08BuWDQhUM +-> ssh-ed25519 BTX+xA lzBif7+dwdtGCHugVucaPNIxXnPkeJt0NbXwggs4UAg +eReSeftMwXfV3hKmgpdNP1uI/sCJqe8ReYZCnkvd1zc +--- u61FruBB1mBYUUpjsvOgZVfdMC8QnX6Mm7QXUGMjWt8 +bБ戛^ ? ?%0Z81x04@5v \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index e33e92b..9721d2a 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -5,5 +5,6 @@ let samsehu = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIRkyyUcmLsnX0oo1QzGeyPEqIc/i4ExcZClVoERggl9"; in { - "samsehu_NFSN_API_KEY".publicKeys = geemili ++ [ samesehu ]; + "samsehu_NFSN_API_KEY.age".publicKeys = geemili ++ [ samsehu ]; + "samsehu_NFSN_LOGIN.age".publicKeys = geemili ++ [ samsehu ]; }