fixing acme

2022-12-20 13:57:38 -03:00 · 2022-12-20 13:57:38 -03:00 · c073ae375a
commit c073ae375a
parent e19f0c688e
5 changed files with 16 additions and 16 deletions
--- a/hosts/servers/alexandria/hosted-services.nix
+++ b/hosts/servers/alexandria/hosted-services.nix
@ -1,6 +1,8 @@
 { config, pkgs, libs, ... }:

 {
+  users.users.nginx.extraGroups = [ "acme" ];
+
  services = {
    nginx = {
      enable = true;
@ -9,17 +11,7 @@
      recommendedProxySettings = true;
      recommendedTlsSettings = true;
      virtualHosts = {
-        "baduhai.me" = { useACMEHoost = "baduhai.me"; forceSSL = true; kTLS = true; locations."/".proxyPass = "http://127.0.0.1:8000/"; };
-#         "detect.baduhai.me"     = { default = true; enableACME = true; addSSL = true; locations."/".proxyPass = "http://127.0.0.1:8001/"; };
-#         "cinny.baduhai.me"      = { default = true; enableACME = true; addSSL = true; locations."/".proxyPass = "http://127.0.0.1:8002/"; };
-#         "jellyfin.baduhai.me"   = { default = true; enableACME = true; addSSL = true; locations."/".proxyPass = "http://127.0.0.1:8003/"; };
-#         "librespeed.baduhai.me" = { default = true; enableACME = true; addSSL = true; locations."/".proxyPass = "http://127.0.0.1:8004/"; };
-#         "paperless.baduhai.me"  = { default = true; enableACME = true; addSSL = true; locations."/".proxyPass = "http://127.0.0.1:8005/"; };
-#         "pyload.baduhai.me"     = { default = true; enableACME = true; addSSL = true; locations."/".proxyPass = "http://127.0.0.1:8006/"; };
-#         "shiori.baduhai.me"     = { default = true; enableACME = true; addSSL = true; locations."/".proxyPass = "http://127.0.0.1:8007/"; };
-#         "sync.baduhai.me"       = { default = true; enableACME = true; addSSL = true; locations."/".proxyPass = "http://127.0.0.1:8008/"; };
-#         "whoogle.baduhai.me"    = { default = true; enableACME = true; addSSL = true; locations."/".proxyPass = "http://127.0.0.1:8009/"; };
-#         "adguard.baduhai.me"    = { default = true; enableACME = true; addSSL = true; locations."/".proxyPass = "http://100.77.225.37:3000/"; };
+        "baduhai.me" = { useACMEHost = "baduhai.me"; forceSSL = true; kTLS = true; locations."/".proxyPass = "http://127.0.0.1:8000/"; };
      };
    };
  };
--- a/hosts/servers/alexandria/security.nix
+++ b/hosts/servers/alexandria/security.nix
@ -1,18 +1,18 @@
 { config, pkgs, libs, ... }:

 {
-  age.secrets.cloudflare-dns-api-key.file = ../../../secrets/cloudflare-dns-api-key.age;
+  age.secrets.cloudflare-creds.file = ../../../secrets/cloudflare-creds.age;

  security.acme = {
    acceptTerms = true;
    defaults = {
      email = "baduhai@proton.me";
-      dnsResolver = "1.1.1.1:53";
+      dnsResolver = "100.100.100.100:53";
      dnsProvider = "cloudflare";
-      credentialsFile = config.age.secrets.cloudflare-dns-api-key.path;
+      credentialsFile = config.age.secrets.cloudflare-creds.path;
    };
    certs."baduhai.me" = {
-      extraDomainNames = "*.baduhai.me";
+      extraDomainNames = [ "*.baduhai.me" ];
    };
  };
 }
--- a/secrets/cloudflare-creds.age
+++ b/secrets/cloudflare-creds.age
@ -0,0 +1,8 @@
+age-encryption.org/v1
+-> ssh-ed25519 J6tVTA og1niFee66jNL4Kfi3QKV2kd/5v0/jStyJK/Qv1JoSo
+WB5rwJTWzaMTIWkzuugyncLpUoxVtYWUKMS1r8uGs6g
+-> NO;Ye`G-grease C rGGC SH>6Ts ;oa~sU
+6f6ROG3cBPQrlQ
+--- T8+r+Alz+tmTRG9T9n8jmqFcoWh0YsdeKzUtprjOsbY
+;Õ±Jè<14>Åö‘:@
TÅI8Ê§ÕE„5Yäó÷n
‚ÑÖw`Pco
+Á-0ÍFª˜–×–<C397>Z›-°Y“z–†<E28093>WôMÜ,FÒÔ'ˆrqœ«uÖ¤<C396>3<EFBFBD>Dl?*júV´¨±E÷kU^à…ÆÓ"áJ;o<Íß‹Ø½²v
ì
--- a/secrets/cloudflare-dns-api-key.age
+++ b/secrets/cloudflare-dns-api-key.age
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -6,5 +6,5 @@ let
  servers = [ alexandria ];
 in
 {
-  "cloudflare-dns-api-key.age".publicKeys = [ alexandria ];
+  "cloudflare-creds.age".publicKeys = [ alexandria ];
 }