feat(acme): Switch to porkbun

2025-02-01 18:16:52 +08:00 · 2025-02-01 18:16:52 +08:00 · 78c81a1028
commit 78c81a1028
parent 68450870cf
4 changed files with 30 additions and 15 deletions
--- a/configuration/nginx.nix
+++ b/configuration/nginx.nix
@ -47,10 +47,17 @@
    acceptTerms = true;

    certs."tlater.net" = {
-      extraDomainNames = [ "*.tlater.net" ];
-      dnsProvider = "hetzner";
+      extraDomainNames = [
+        "*.tlater.net"
+        "tlater.com"
+        "*.tlater.com"
+      ];
+      dnsProvider = "porkbun";
      group = "nginx";
-      credentialFiles."HETZNER_API_KEY_FILE" = config.sops.secrets."hetzner-api".path;
+      credentialFiles = {
+        PORKBUN_API_KEY_FILE = config.sops.secrets."porkbun/api-key".path;
+        PORKBUN_SECRET_API_KEY_FILE = config.sops.secrets."porkbun/secret-api-key".path;
+      };
    };
  };

--- a/configuration/sops.nix
+++ b/configuration/sops.nix
@ -34,16 +34,20 @@
      "heisenbridge/as-token" = { };
      "heisenbridge/hs-token" = { };

-      "hetzner-api" = {
-        owner = "acme";
-      };
-
      # Nextcloud
      "nextcloud/tlater" = {
        owner = "nextcloud";
        group = "nextcloud";
      };

+      # Porkbub/ACME
+      "porkbun/api-key" = {
+        owner = "acme";
+      };
+      "porkbun/secret-api-key" = {
+        owner = "acme";
+      };
+
      # Restic
      "restic/local-backups" = {
        owner = "root";