tux/tawm
1
0
Fork 0
mirror of https://github.com/tuxdotrs/tawm.git synced 2025-07-06 21:16:35 +05:30
Code Issues Packages Projects Releases Wiki Activity

add acme for wildcard ssl certificate

Browse Source
This commit is contained in:
0xTux
2024-08-26 21:01:16 +05:30
parent b3b5fccf20
commit 936f60ae7d
11 changed files with 41 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
hosts/controller/default.nix
View File

@ -26,6 +26,14 @@
searx_secret_key = {
sopsFile = ./secrets.yaml;
};
"cloudflare_credentials/email" = {
sopsFile = ./secrets.yaml;
};
"cloudflare_credentials/dns_api_token" = {
sopsFile = ./secrets.yaml;
};
};
boot = {
@ -44,8 +52,26 @@
security = {
sudo.wheelNeedsPassword = false;
acme = {
acceptTerms = true;
defaults.email = "0xtux@pm.me";
certs = {
"tux.rs" = {
domain = "*.tux.rs";
extraDomainNames = ["tux.rs"];
dnsProvider = "cloudflare";
credentialFiles = {
CLOUDFLARE_EMAIL_FILE = config.sops.secrets."cloudflare_credentials/email".path;
CLOUDFLARE_DNS_API_TOKEN_FILE = config.sops.secrets."cloudflare_credentials/dns_api_token".path;
};
};
};
};
};
users.users.nginx.extraGroups = ["acme"];
services = {
borgbackup.jobs.controller-backup = {
paths = [