add acme for wildcard ssl certificate

2024-08-26 21:01:16 +05:30
parent b3b5fccf20
commit 936f60ae7d
11 changed files with 41 additions and 12 deletions


@ -26,6 +26,14 @@
searx_secret_key = {
sopsFile = ./secrets.yaml;
};
"cloudflare_credentials/email" = {
sopsFile = ./secrets.yaml;
};
"cloudflare_credentials/dns_api_token" = {
sopsFile = ./secrets.yaml;
};
};
boot = {
@ -44,8 +52,26 @@
security = {
sudo.wheelNeedsPassword = false;
acme = {
acceptTerms = true;
defaults.email = "0xtux@pm.me";
certs = {
"tux.rs" = {
domain = "*.tux.rs";
extraDomainNames = ["tux.rs"];
dnsProvider = "cloudflare";
credentialFiles = {
CLOUDFLARE_EMAIL_FILE = config.sops.secrets."cloudflare_credentials/email".path;
CLOUDFLARE_DNS_API_TOKEN_FILE = config.sops.secrets."cloudflare_credentials/dns_api_token".path;
};
};
};
};
};
users.users.nginx.extraGroups = ["acme"];
services = {
borgbackup.jobs.controller-backup = {
paths = [
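Review bot: The `CLOUDFLARE_EMAIL_FILE` entry in `certs."tux.rs".credentialFiles` looks unnecessary next to `CLOUDFLARE_DNS_API_TOKEN_FILE`: as far as I know, lego's cloudflare provider only reads the email together with the legacy global API key, so with a scoped token the email secret (and its `sops.secrets` entry in the first hunk) can presumably be dropped — worth confirming against the provider documentation before removing it. Because this token can rewrite records for the whole zone, the block would also benefit from a comment that pins the expected scope for whoever rotates it, e.g. `# DNS-01 token: scope to DNS edit on the tux.rs zone only; it can change any record in that zone`. Both the `sops.secrets` set and the `security` set start outside their hunks.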


@ -1,5 +1,8 @@
borg_encryption_key: ENC[AES256_GCM,data:7DZQaoS2a5mPjTej25vr1aO1yAAPyXT2tf/VxKrLxF0=,iv:it8JlyEj4r4Z+qDvoEWMQlGkbVh08M/BCkGLVzRCVKQ=,tag:81gRhru8J3hkQhIbgUOgBg==,type:str]
searx_secret_key: ENC[AES256_GCM,data:FzQBnYDB6mrAfIBB1LCdTLSNltD7T1PoUGssW+EX74j/y9kNqPZOtxIYpsWqAfenEODrP+rUjrLXAsVrMLFng3ZOtBAI1HYTobA=,iv:Vty/zrD8jE2CoWfguHwDr14TUSejOTnpBHJjc9IcEiE=,tag:yz4ZdWsmg+ammb/dup6f4A==,type:str]
searx_secret_key: ENC[AES256_GCM,data:Z49PJ2gNI5CI0IfzOta+r67VNUvjoPpMVv5lajGhUMPzSy1KWZC5wIM3d02jWwCOsNjXdU5hE3j9W0rkoy5ZhFPXBJRUEv5b6IcaLA==,iv:364zGZkD2LO189nkvizl8yjedi1IgYEEQMA67SexSSI=,tag:qPqefG6jUaBOpUy6d7E++w==,type:str]
cloudflare_credentials:
email: ENC[AES256_GCM,data:qesgxkzUglKdYPI=,iv:2XDEoQzmtagSiILWZzJPswdhkQ+qjdZfNd+LL1nHPx8=,tag:K1F23Za2Zq78tzf0fl5zEw==,type:str]
dns_api_token: ENC[AES256_GCM,data:ibSL4KWYhqgHjo27fiSqB1iN9NWU3/qGGuLpmiMpBf+qCuh8uxR7Yw==,iv:NapMvfUSm5rgeROK7KuxGyog8s2PW9CCKtjRG87FoCQ=,tag:/Oah7PRCe4XPts0IYt83zw==,type:str]
sops:
kms: []
gcp_kms: []
@ -24,8 +27,8 @@ sops:
NGprRGVyZ2plWVNrM3drM3JSUjM2L0UKuNk5DqYn2DIfRpY72zDRP5BKoVAXtNv9
uLI//8wc7f4I3uBdARQdpRE1fapY1UOJOn3i0yndrZARPEbdohRK1Q==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-08-25T19:35:08Z"
mac: ENC[AES256_GCM,data:EtYv7GNuYAmUSSu6SZUCJTnAb42qDIQIuyTLSEsT8Jp3H7UIX7QH2eHxmAV8RfEPQ18XevQAM9UdK4YVR2trLRSBeDn/xxdFtzpo2z7kUQXz+1pDmFBLpdiPfrmNJ76ZuBr5qihiB7J8Go3KkErcyYAFEw1KQV/N4OSQB+CPnhw=,iv:QYVKKRpaJHXmICpQMhW+Le4wJwSh4yOH2NfVUpRDcbI=,tag:98m/t5U96MikHrMTgn510g==,type:str]
lastmodified: "2024-08-26T14:25:03Z"
mac: ENC[AES256_GCM,data:UOxh1tIsFmYJ8i5HKhK8ckSZTbXsl6BmJATuLIJhfT93ir/sh58E9a9D6p6+Uyl6lt9qRESKRpeHUsdy4kKtXmmutQACzUHgVobzgL/1KpGYM4A/Wj5pSWGiT6D/zDkR0pJNFEshHxNfTJE8B6ZKFkHXy85nY22DW4fLjuMD4Y4=,iv:X4ArW4afDSHZ84rnn8Cuh+4Sgmk+7NXqcewgemlW+VI=,tag:2yorv0yFRAQkTZm06TQNiA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.0
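Review bot: The `searx_secret_key` ciphertext is replaced in the first hunk, which the commit title ("add acme for wildcard ssl certificate") does not mention; sops leaves untouched values alone on re-encryption, so this looks like a rotation of that secret rather than a side effect of adding `cloudflare_credentials`. If the rotation is intentional, a sentence in the commit description saying so would save the next reader from wondering whether the searx value was changed by accident.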


@ -16,7 +16,7 @@
virtualHosts = {
"git.tux.rs" = {
forceSSL = true;
enableACME = true;
useACMEHost = "tux.rs";
locations = {
"/" = {
proxyPass = "http://localhost:3000";
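Review bot: `useACMEHost = "tux.rs"` only resolves if the `security.acme.certs."tux.rs"` definition from the first file is evaluated on the same host as this nginx module; nothing in these sections shows how the modules are imported, so if any of the vhosts below (hs, grafana, loki, promtail, ntfy, sx, uptime, bw) is ever deployed to a different machine, nginx would be pointed at a certificate directory that does not exist there. A short comment on the first `useACMEHost` line, e.g. `# shared wildcard cert; issued by security.acme.certs."tux.rs" on this host`, would make that coupling visible. The same applies to every other vhost hunk in this commit; the enclosing `services.nginx` set starts outside each hunk.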


@ -45,7 +45,7 @@
virtualHosts = {
"hs.tux.rs" = {
forceSSL = true;
enableACME = true;
useACMEHost = "tux.rs";
locations = {
"/" = {
proxyPass = "http://localhost:${toString config.services.headscale.port}";


@ -20,7 +20,7 @@
virtualHosts = {
"grafana.tux.rs" = {
forceSSL = true;
enableACME = true;
useACMEHost = "tux.rs";
locations = {
"/" = {
proxyPass = "http://localhost:8888";


@ -44,7 +44,7 @@
virtualHosts = {
"loki.tux.rs" = {
forceSSL = true;
enableACME = true;
useACMEHost = "tux.rs";
locations = {
"/" = {
proxyPass = "http://localhost:3100";


@ -42,7 +42,7 @@
virtualHosts = {
"promtail.tux.rs" = {
forceSSL = true;
enableACME = true;
useACMEHost = "tux.rs";
locations = {
"/" = {
proxyPass = "http://localhost:9080";


@ -14,7 +14,7 @@
virtualHosts = {
"ntfy.tux.rs" = {
forceSSL = true;
enableACME = true;
useACMEHost = "tux.rs";
locations = {
"/" = {
proxyPass = "http://localhost:7070";


@ -30,7 +30,7 @@
virtualHosts = {
"sx.tux.rs" = {
forceSSL = true;
enableACME = true;
useACMEHost = "tux.rs";
locations = {
"/" = {
proxyPass = "http://localhost:3415";


@ -9,7 +9,7 @@
virtualHosts = {
"uptime.tux.rs" = {
forceSSL = true;
enableACME = true;
useACMEHost = "tux.rs";
locations = {
"/" = {
proxyPass = "http://localhost:3001";


@ -15,7 +15,7 @@
virtualHosts = {
"bw.tux.rs" = {
forceSSL = true;
enableACME = true;
useACMEHost = "tux.rs";
locations = {
"/" = {
proxyPass = "http://localhost:8000";