feat: ACME cert service through DNS-01 challenge

2023-12-29 21:20:53 -07:00 · 2023-12-29 21:20:53 -07:00 · fcdd6defbc
parent ea0b4e75b7
commit fcdd6defbc
6 changed files with 35 additions and 1 deletions
--- a/agenix-config-module.nix
+++ b/agenix-config-module.nix
@ -0,0 +1,4 @@
 {
  age.secrets.samsehu_NFSN_API_KEY.file = ./secrets/samsehu_NFSN_API_KEY.age;
  age.secrets.samsehu_NFSN_LOGIN.file = ./secrets/samsehu_NFSN_LOGIN.age;
 }
--- a/configuration.nix
+++ b/configuration.nix
@ -127,6 +127,20 @@
    };
  };
  # ACME client service for configuring SSL certificate
  security.acme = {
    acceptTerms = true;
    defaults.email = "fresh.car0178@geemili.xyz";
    certs."samsehu.perli.casa" = {
      domain = "samsehu.perli.casa";
      dnsProvider = "nearlyfreespeech";
      credentialFiles = {
        "NEARLYFREESPECH_API_KEY" = config.age.secrets.samsehu_NFSN_API_KEY.path;
        "NEARLYFREESPECH_LOGIN" = config.age.secrets.samsehu_NFSN_LOGIN.path;
      };
    };
  };
  # Enable automatic upgrades
  system.autoUpgrade.enable = true;
  system.autoUpgrade.allowReboot = true;
--- a/flake.nix
+++ b/flake.nix
@ -11,6 +11,7 @@
    nixosConfigurations.samsehu = nixpkgs.lib.nixosSystem {
      system = "x86_64-linux";
      modules = [
        ./agenix-config-module.nix
        ./configuration.nix
        agenix.nixosModules.default
      ];
--- a/secrets/samsehu_NFSN_API_KEY.age
+++ b/secrets/samsehu_NFSN_API_KEY.age
@ -0,0 +1,7 @@
 age-encryption.org/v1
 -> ssh-ed25519 yXNDbw fIJwXjhuKTVLjQXxRAzkcXQR5sIrfbNYlyDJHeQjDgE
 /zdUzjnkojy5zTynh2dh3YAowIzBc630tsJnsRC9fJA
 -> ssh-ed25519 BTX+xA 1xfWcwHEzRm+pAYtjsimUelhjPzX2ftXCqTT8ZC5Ai4
 ev6pWXEMB/5r5lvGIXnwb/5Y+y+KtF+82kXQsW27L8Q
 --- TmO1kU6MHMyRRScZ4JFs67Dt8PNeuT900kEZFgB/+hM
 /g`Þ‡”WU±»=#¾©É¬Þ >}ºb™—~xE]Ü´'îï<>…$’¸‹[”‚ÄåÎ
--- a/secrets/samsehu_NFSN_LOGIN.age
+++ b/secrets/samsehu_NFSN_LOGIN.age
@ -0,0 +1,7 @@
 age-encryption.org/v1
 -> ssh-ed25519 yXNDbw 62eQ1z2NUFkXLhNo7Cu++sLJC544LuGO9pF78eDqyBA
 FDhNUIerQRbCAK4YWjRw7pws2m7ohalSy08BuWDQhUM
 -> ssh-ed25519 BTX+xA lzBif7+dwdtGCHugVucaPNIxXnPkeJt0NbXwggs4UAg
 eReSeftMwXfV3hKmgpdNP1uI/sCJqe8ReYZCnkvd1zc
 --- u61FruBB1mBYUUpjsvOgZVfdMC8QnX6Mm7QXUGMjWt8
 Þè²bÐ‘æˆ›ó^?‹ ?%0ZÒ81àx•ÀÙÝ½04@›5vöŽ<C3B6>
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -5,5 +5,6 @@ let
  samsehu = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIRkyyUcmLsnX0oo1QzGeyPEqIc/i4ExcZClVoERggl9";
 in
 {
-  "samsehu_NFSN_API_KEY".publicKeys = geemili ++ [ samesehu ];
+  "samsehu_NFSN_API_KEY.age".publicKeys = geemili ++ [ samsehu ];
  "samsehu_NFSN_LOGIN.age".publicKeys = geemili ++ [ samsehu ];
 }