feat: ACME cert service through DNS-01 challenge
parent
ea0b4e75b7
commit
fcdd6defbc
|
@ -0,0 +1,4 @@
|
||||||
|
{
|
||||||
|
age.secrets.samsehu_NFSN_API_KEY.file = ./secrets/samsehu_NFSN_API_KEY.age;
|
||||||
|
age.secrets.samsehu_NFSN_LOGIN.file = ./secrets/samsehu_NFSN_LOGIN.age;
|
||||||
|
}
|
|
@ -127,6 +127,20 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# ACME client service for configuring SSL certificate
|
||||||
|
security.acme = {
|
||||||
|
acceptTerms = true;
|
||||||
|
defaults.email = "fresh.car0178@geemili.xyz";
|
||||||
|
certs."samsehu.perli.casa" = {
|
||||||
|
domain = "samsehu.perli.casa";
|
||||||
|
dnsProvider = "nearlyfreespeech";
|
||||||
|
credentialFiles = {
|
||||||
|
"NEARLYFREESPECH_API_KEY" = config.age.secrets.samsehu_NFSN_API_KEY.path;
|
||||||
|
"NEARLYFREESPECH_LOGIN" = config.age.secrets.samsehu_NFSN_LOGIN.path;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
# Enable automatic upgrades
|
# Enable automatic upgrades
|
||||||
system.autoUpgrade.enable = true;
|
system.autoUpgrade.enable = true;
|
||||||
system.autoUpgrade.allowReboot = true;
|
system.autoUpgrade.allowReboot = true;
|
||||||
|
|
|
@ -11,6 +11,7 @@
|
||||||
nixosConfigurations.samsehu = nixpkgs.lib.nixosSystem {
|
nixosConfigurations.samsehu = nixpkgs.lib.nixosSystem {
|
||||||
system = "x86_64-linux";
|
system = "x86_64-linux";
|
||||||
modules = [
|
modules = [
|
||||||
|
./agenix-config-module.nix
|
||||||
./configuration.nix
|
./configuration.nix
|
||||||
agenix.nixosModules.default
|
agenix.nixosModules.default
|
||||||
];
|
];
|
||||||
|
|
|
@ -0,0 +1,7 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-ed25519 yXNDbw fIJwXjhuKTVLjQXxRAzkcXQR5sIrfbNYlyDJHeQjDgE
|
||||||
|
/zdUzjnkojy5zTynh2dh3YAowIzBc630tsJnsRC9fJA
|
||||||
|
-> ssh-ed25519 BTX+xA 1xfWcwHEzRm+pAYtjsimUelhjPzX2ftXCqTT8ZC5Ai4
|
||||||
|
ev6pWXEMB/5r5lvGIXnwb/5Y+y+KtF+82kXQsW27L8Q
|
||||||
|
--- TmO1kU6MHMyRRScZ4JFs67Dt8PNeuT900kEZFgB/+hM
|
||||||
|
/g`Þ‡”WU±»=#¾©É¬Þ >}ºb™—~xE]Ü´'îï<>…$’¸‹[”‚ÄåÎ
|
|
@ -0,0 +1,7 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-ed25519 yXNDbw 62eQ1z2NUFkXLhNo7Cu++sLJC544LuGO9pF78eDqyBA
|
||||||
|
FDhNUIerQRbCAK4YWjRw7pws2m7ohalSy08BuWDQhUM
|
||||||
|
-> ssh-ed25519 BTX+xA lzBif7+dwdtGCHugVucaPNIxXnPkeJt0NbXwggs4UAg
|
||||||
|
eReSeftMwXfV3hKmgpdNP1uI/sCJqe8ReYZCnkvd1zc
|
||||||
|
--- u61FruBB1mBYUUpjsvOgZVfdMC8QnX6Mm7QXUGMjWt8
|
||||||
|
Þè²bБ戛ó^?‹ ?%0ZÒ81àx•ÀÙݽ04@›5vöŽ<C3B6>
|
|
@ -5,5 +5,6 @@ let
|
||||||
samsehu = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIRkyyUcmLsnX0oo1QzGeyPEqIc/i4ExcZClVoERggl9";
|
samsehu = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIRkyyUcmLsnX0oo1QzGeyPEqIc/i4ExcZClVoERggl9";
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
"samsehu_NFSN_API_KEY".publicKeys = geemili ++ [ samesehu ];
|
"samsehu_NFSN_API_KEY.age".publicKeys = geemili ++ [ samsehu ];
|
||||||
|
"samsehu_NFSN_LOGIN.age".publicKeys = geemili ++ [ samsehu ];
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue