mirror of
https://github.com/genebean/dots.git
synced 2026-03-27 09:27:44 -04:00
Got dns-01 based certs
This commit is contained in:
parent
f149ed3b1b
commit
e9793beb7b
3 changed files with 105 additions and 4 deletions
|
|
@ -1,8 +1,25 @@
|
||||||
{ ... }: let
|
{ config, ... }: let
|
||||||
http_port = 8080;
|
http_port = 8080;
|
||||||
https_port = 8444;
|
https_port = 8444;
|
||||||
|
gandi_api = "${config.sops.secrets.gandi_api.path}";
|
||||||
|
#gandi_dns_pat = "${config.sops.secrets.gandi_dns_pat.path}";
|
||||||
in {
|
in {
|
||||||
|
sops.secrets.gandi_api = {
|
||||||
|
sopsFile = ../../../../system/common/secrets.yaml;
|
||||||
|
restartUnits = [
|
||||||
|
"container@nginx-proxy.service"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
#sops.secrets.gandi_dns_pat = {
|
||||||
|
# sopsFile = ../../../../system/common/secrets.yaml;
|
||||||
|
# restartUnits = [
|
||||||
|
# "container@nginx-proxy.service"
|
||||||
|
# ];
|
||||||
|
#};
|
||||||
|
|
||||||
containers.nginx-proxy = {
|
containers.nginx-proxy = {
|
||||||
|
bindMounts."${gandi_api}".isReadOnly = true;
|
||||||
|
#bindMounts."${gandi_dns_pat}".isReadOnly = true;
|
||||||
autoStart = true;
|
autoStart = true;
|
||||||
privateNetwork = true;
|
privateNetwork = true;
|
||||||
hostBridge = "br1-23";
|
hostBridge = "br1-23";
|
||||||
|
|
@ -17,13 +34,14 @@ in {
|
||||||
recommendedTlsSettings = true;
|
recommendedTlsSettings = true;
|
||||||
|
|
||||||
virtualHosts = {
|
virtualHosts = {
|
||||||
"nix-tester.home.technicalissues.us" = {
|
"nix-tester.h.technicalissues.us" = {
|
||||||
default = true;
|
default = true;
|
||||||
listen = [
|
listen = [
|
||||||
{ port = http_port; addr = "0.0.0.0"; }
|
{ port = http_port; addr = "0.0.0.0"; }
|
||||||
{ port = https_port; addr = "0.0.0.0"; }
|
{ port = https_port; addr = "0.0.0.0"; }
|
||||||
];
|
];
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
|
acmeRoot = null;
|
||||||
forceSSL = false;
|
forceSSL = false;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
@ -31,7 +49,14 @@ in {
|
||||||
|
|
||||||
security.acme = {
|
security.acme = {
|
||||||
acceptTerms = true;
|
acceptTerms = true;
|
||||||
defaults.email = "lets-encrypt@technicalissues.us";
|
defaults = {
|
||||||
|
email = "lets-encrypt@technicalissues.us";
|
||||||
|
credentialFiles = { "GANDIV5_API_KEY_FILE" = gandi_api; };
|
||||||
|
#credentialFiles = { "GANDIV5_PERSONAL_ACCESS_TOKEN_FILE" = gandi_dns_pat; };
|
||||||
|
dnsProvider = "gandiv5";
|
||||||
|
};
|
||||||
|
# uncomment below for testing
|
||||||
|
defaults.server = "https://acme-staging-v02.api.letsencrypt.org/directory";
|
||||||
};
|
};
|
||||||
|
|
||||||
networking = {
|
networking = {
|
||||||
|
|
|
||||||
|
|
@ -1,4 +1,4 @@
|
||||||
{ inputs, config, hostname, pkgs, sops-nix, username, ... }: {
|
{ config, pkgs, username, ... }: {
|
||||||
imports = [
|
imports = [
|
||||||
./hardware-configuration.nix
|
./hardware-configuration.nix
|
||||||
./audiobookshelf.nix
|
./audiobookshelf.nix
|
||||||
|
|
|
||||||
76
modules/system/common/secrets.yaml
Normal file
76
modules/system/common/secrets.yaml
Normal file
|
|
@ -0,0 +1,76 @@
|
||||||
|
gandi_dns_pat: ENC[AES256_GCM,data:81tlAE6e655+RgKZVJgwYg6V59VtMmuVk5spkGZq1U6AgxYXO3wvsA==,iv:Dp5csrqHIAYloi5XkrBgDMqeIX/W+JFJ1avKbTnEU/Y=,tag:QjhdX4gv9OmWtQp7r06+RA==,type:str]
|
||||||
|
gandi_api: ENC[AES256_GCM,data:YsdDMk75miIKO4LkCZjfwJw6gxfrmsTL,iv:BOPRxB661sPJnUH1AUKEALIJfBeyAHZpkWJEDbY+7i8=,tag:TvtW7qhPbOqi9kKDcIe28w==,type:str]
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age:
|
||||||
|
- recipient: age1a652ev7gekx4aj589s8fd27ul9j5ugpdwg7pxhmqcwdjwwq9gf2qv38um9
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBseHFTeDZoMElxVUZpWFVa
|
||||||
|
dmxvWEFkS0p6aTFraUNyNmtITTQ4bFdLNFVZCnlsTlE3TUVvMWdXS0psb0FOQVdP
|
||||||
|
UGtTVVQ3ZExQVUdvekFEa0lYZmRxdEkKLS0tIEEyMXdkZ0JyV0orSnVwL3hMWVpy
|
||||||
|
TTAvb09FUE1JaXpNSm80Mmx3Z292eVUKjJ8Q9y2PhU9NpgCjKYne7zY+I+fXvIhs
|
||||||
|
BB/lskZG/AVuGdBDHRf0yIVFd/j6inTWbP1u3wJ+Mf+dBnPAlS9rXg==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1g24zhwvgenpc4wqejt63thvgd4rn5x9n7nnwwme7dm83nfqpp93se2vmq4
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYWWVCd0ZjMzkxZVdIR1JC
|
||||||
|
Q1plamZveGg1Z1FaK2VPb29CUVVia0Q4aFZ3CkNKUjl0S090SUMwU1dJenRONEpJ
|
||||||
|
WnZ6aEFwV2lrelBZV0p0UUQvaWdmS0kKLS0tIGh2OE5iTTRObFEraUpxN0YyTVpx
|
||||||
|
Mk5Sb0VCN1VjMnNNdzBBZWY3Q2FsUFkK7d9MAUNRL7GSF6diz/5X21BmMsyE5Cu3
|
||||||
|
18ycNiMLtUwGHsfxh+aLliFDBO32LwMI64/tKHDtx4sHQSBGoppsfQ==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age15xlw5vnnjdx2ypz6rq0mqcywuaj3yx8y6lrgf95satafqf7y4qus6rv6ck
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4UEc1M2UwTkduWnEyMG8x
|
||||||
|
TGVYaUpsSlNVcnBxdHZRWU8ydUJvMnZXTTNZCmtIenlWeDdvM0xQemI3Y1dXNlox
|
||||||
|
SUhNcG5iZE44WGhWL0NwUTZjSzhPNFkKLS0tIHIyaU1DOUxSV0VWVTRaQmhBbXVP
|
||||||
|
dGVWRnhIek1mV2FJemF1dzVwMjZqWUUKNvkzOwi6OR369S5e5y6TSfGA4/EH09WK
|
||||||
|
MWlH3fzABkCN+IeRmOmtU/L3MdHIiWanDWp6KdWCJJ3OnBO8cjMEig==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1awdf9h0avajf57cudx0rjfmxu2wlxw8wf3sa7yvfk8rp4j6taecsu74x77
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLOE5pYXFDdXQzblI1N01i
|
||||||
|
eFROYzVvK3cxN1pJMHlScW0rZjBScG9SMzBnCko4VDllS0pQMU5NdU5NbndWQWpq
|
||||||
|
NmhWK1RJSHpITktFWTZIN2JHRklqS2cKLS0tIFFjRE9Ia3Z0TzIyd2MrS2RRWU9k
|
||||||
|
d3FIL3dqTHRtQVJiS255aVVWZ1p3UjQKb+65IgxbWXtkidmlb5w5Cu11izXh5QgR
|
||||||
|
I1YAckCX6RlR3Mlcs/5cTyLakpc3ibm/g4+N9+EhlIQz4wIxmxAtHQ==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1rt72txg22w8y3cdvq9w7zff0cas6xtkplpj36kxnevfnrtn82f6ss7yw7d
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNb2hxZElESWd4eTFycFI1
|
||||||
|
YWpKS1ZpWmtYcy9JK2ZPQ1QzSXFjWXM5VzFjCk1CcmJmdE5yL0J1Q2RBN3Npa2hn
|
||||||
|
WWxZTHkwTnhZaXBYanpZTkRTRUdTcWcKLS0tIFA3SkVuVFFVT2NsbVBlNUdFRlUx
|
||||||
|
UE9sMXVVOW1ib3JBYUR5LzVFRFp3ZWcK2hwlxaEUexjqHcg86dSpJU37b8bkWO6r
|
||||||
|
mSygDEjU71u20G6sdMeoSyxepPtWJsVhnAMukFsnKZf6LyfiiCseAQ==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1zz34qx3n3dj63sva24kaymetv3apn58lafjq4dl6zw7xxachuyts00mhck
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoZndiK3FMOUptbDRGOVQ0
|
||||||
|
QnNSSEtlVHZtaUlRQlRySzJNUmdqbzRQRFZFCnNyOHRtNFhsWGEvTFRkNTRUbit6
|
||||||
|
OWh6cVRRTXhlQmxpY3JpNVFRdStuWkkKLS0tIElYZGRVVWVSTlBhRHhVYWRFSFhC
|
||||||
|
NERwYVhzTjRZUDBmbTM2QzEyay9vT2MK9QIINuuaagTz2wyF9NiNzE0aiwoAHquH
|
||||||
|
GK203V5jVnLXftOV09NIg3027m8KCRc7yEWOtcbH5UkGZxZCqESv9Q==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1rpy8edlpgxuf6w75cvlqexuq2xe4c49h9t2ge6jhc3fzczp8vfasnjelwq
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNY2xrM1BFRDdtckRGZkIz
|
||||||
|
Mkc5VzNHQzV5aC9xTzU4US80czFMcHNpbXpzCnlqUWliUjlra1U0Y0dJTDByMGFQ
|
||||||
|
MlRTd2FaT1QzMXFWZ3piVjZsZ1ZDemsKLS0tIENRdlVvNE5VT3VOc2hqM2ZnVUVY
|
||||||
|
ZlBVMUJmWml3dkQ3OTN1ZmF1N0hXNHcKnLOSViooQmhU5yE754VHIBYNRVikgptc
|
||||||
|
3bXDiOlkjBbxGru3bnn+vUUJ3n+QdZoAnCgdL7D2/Me3HVrAW5M5LA==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
lastmodified: "2024-04-05T03:17:40Z"
|
||||||
|
mac: ENC[AES256_GCM,data:4u2rpoc20qDv3W6s3lgtYU+35cfaK1tOmMySuji07s7IxqXqmkAn/giynH7y+PQRLACV6XvKnysLwuTPanekmXqQx/cOPOIPPrXOwz4oDLncFILI+7H/ShFuRN3KKUq9+OZElO4lLO0PDL+6flo3Mq6oSbzzeqxqVXUvt5gG8So=,iv:WEoiZzIWxAsxr3+nUY7b/jewYn6YRraU+zIPBhin8JI=,tag:BN5zLe8jdrvvCFU0BbfiaQ==,type:str]
|
||||||
|
pgp: []
|
||||||
|
unencrypted_suffix: _unencrypted
|
||||||
|
version: 3.8.1
|
||||||
Loading…
Add table
Add a link
Reference in a new issue