fixing acme

hosts/servers/alexandria/hosted-services.nix

@@ -1,6 +1,8 @@
 { config, pkgs, libs, ... }:
 
 {
+  users.users.nginx.extraGroups = [ "acme" ];
+
   services = {
     nginx = {
       enable = true;
@@ -9,17 +11,7 @@
       recommendedProxySettings = true;
       recommendedTlsSettings = true;
       virtualHosts = {
-        "baduhai.me" = { useACMEHoost = "baduhai.me"; forceSSL = true; kTLS = true; locations."/".proxyPass = "http://127.0.0.1:8000/"; };
+        "baduhai.me" = { useACMEHost = "baduhai.me"; forceSSL = true; kTLS = true; locations."/".proxyPass = "http://127.0.0.1:8000/"; };
-#         "detect.baduhai.me"     = { default = true; enableACME = true; addSSL = true; locations."/".proxyPass = "http://127.0.0.1:8001/"; };
-#         "cinny.baduhai.me"      = { default = true; enableACME = true; addSSL = true; locations."/".proxyPass = "http://127.0.0.1:8002/"; };
-#         "jellyfin.baduhai.me"   = { default = true; enableACME = true; addSSL = true; locations."/".proxyPass = "http://127.0.0.1:8003/"; };
-#         "librespeed.baduhai.me" = { default = true; enableACME = true; addSSL = true; locations."/".proxyPass = "http://127.0.0.1:8004/"; };
-#         "paperless.baduhai.me"  = { default = true; enableACME = true; addSSL = true; locations."/".proxyPass = "http://127.0.0.1:8005/"; };
-#         "pyload.baduhai.me"     = { default = true; enableACME = true; addSSL = true; locations."/".proxyPass = "http://127.0.0.1:8006/"; };
-#         "shiori.baduhai.me"     = { default = true; enableACME = true; addSSL = true; locations."/".proxyPass = "http://127.0.0.1:8007/"; };
-#         "sync.baduhai.me"       = { default = true; enableACME = true; addSSL = true; locations."/".proxyPass = "http://127.0.0.1:8008/"; };
-#         "whoogle.baduhai.me"    = { default = true; enableACME = true; addSSL = true; locations."/".proxyPass = "http://127.0.0.1:8009/"; };
-#         "adguard.baduhai.me"    = { default = true; enableACME = true; addSSL = true; locations."/".proxyPass = "http://100.77.225.37:3000/"; };
       };
     };
   };

hosts/servers/alexandria/security.nix

@@ -1,18 +1,18 @@
 { config, pkgs, libs, ... }:
 
 {
-  age.secrets.cloudflare-dns-api-key.file = ../../../secrets/cloudflare-dns-api-key.age;
+  age.secrets.cloudflare-creds.file = ../../../secrets/cloudflare-creds.age;
 
   security.acme = {
     acceptTerms = true;
     defaults = {
       email = "baduhai@proton.me";
-      dnsResolver = "1.1.1.1:53";
+      dnsResolver = "100.100.100.100:53";
       dnsProvider = "cloudflare";
-      credentialsFile = config.age.secrets.cloudflare-dns-api-key.path;
+      credentialsFile = config.age.secrets.cloudflare-creds.path;
     };
     certs."baduhai.me" = {
-      extraDomainNames = "*.baduhai.me";
+      extraDomainNames = [ "*.baduhai.me" ];
     };
   };
 }

secrets/cloudflare-creds.age

@@ -0,0 +1,8 @@
+age-encryption.org/v1
+-> ssh-ed25519 J6tVTA og1niFee66jNL4Kfi3QKV2kd/5v0/jStyJK/Qv1JoSo
+WB5rwJTWzaMTIWkzuugyncLpUoxVtYWUKMS1r8uGs6g
+-> NO;Ye`G-grease C rGGC SH>6Ts ;oa~sU
+6f6ROG3cBPQrlQ
+--- T8+r+Alz+tmTRG9T9n8jmqFcoWh0YsdeKzUtprjOsbY
+;Õ±Jè<14>Åö‘:@
TÅI8ʧÕE„5Yäó÷n
‚ÑÖw`Pco
+Á-0ÍFª˜–×–<C397>Z›-°Y“z–†<E28093>WôMÜ,FÒÔ'ˆrqœ«uÖ¤<C396>3<EFBFBD>Dl?*júV´¨­±E÷kU^à…ÆÓ"áJ;o<Íߋؽ²v
ì

secrets/secrets.nix

@@ -6,5 +6,5 @@ let
   servers = [ alexandria ];
 in
 {
-  "cloudflare-dns-api-key.age".publicKeys = [ alexandria ];
+  "cloudflare-creds.age".publicKeys = [ alexandria ];
 }