From a8de5feb77934d5023c2bb407419b8a1fcf5c0cc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tristan=20Dani=C3=ABl=20Maat?=
Date: Sun, 17 Nov 2024 19:32:54 +0100
Subject: [PATCH] WIP: acme: Add tlater.com
---
 configuration/nginx.nix | 15 +++++++++++++--
 configuration/sops.nix | 8 ++++++++
 keys/production.yaml | 7 +++++--
 3 files changed, 26 insertions(+), 4 deletions(-)
diff --git a/configuration/nginx.nix b/configuration/nginx.nix
index b38118b..7d4a0fc 100644
--- a/configuration/nginx.nix
+++ b/configuration/nginx.nix
@@ -43,15 +43,26 @@
 ) config.services.nginx.virtualHosts;
 security.acme = {
- defaults.email = "tm@tlater.net";
+ defaults = {
+ email = "tm@tlater.net";
+ group = "nginx";
+ };
 acceptTerms = true;
 certs."tlater.net" = {
 extraDomainNames = [ "*.tlater.net" ];
 dnsProvider = "hetzner";
- group = "nginx";
 credentialFiles."HETZNER_API_KEY_FILE" = config.sops.secrets."hetzner-api".path;
 };
+
+ certs."tlater.com" = {
+ extraDomainNames = [ "*.tlater.com" ];
+ dnsProvider = "porkbun";
+ credentialFiles = {
+ "PORKBUN_API_KEY_FILE" = config.sops.secrets."porkbun/api".path;
+ "PORKBUN_SECRET_API_KEY_FILE" = config.sops.secrets."porkbun/secret-api".path;
+ };
+ };
 };
 services.backups.acme = {
diff --git a/configuration/sops.nix b/configuration/sops.nix
index bc21834..16ba93a 100644
--- a/configuration/sops.nix
+++ b/configuration/sops.nix
@@ -38,6 +38,14 @@
 owner = "acme";
 };
+ "porkbun/api" = {
+ owner = "acme";
+ };
+
+ "porkbun/secret-api" = {
+ owner = "acme";
+ };
+
 # Nextcloud
 "nextcloud/tlater" = {
 owner = "nextcloud";
diff --git a/keys/production.yaml b/keys/production.yaml
index da90860..b312390 100644
--- a/keys/production.yaml
+++ b/keys/production.yaml
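Review bot: Moving `group = "nginx";` from `certs."tlater.net"` into `security.acme.defaults` changes the group for every certificate declared now or later, so a future cert for a service other than nginx would have its private key readable by the nginx group unless it overrides the default. If that is intended, a comment such as `# all certs are served by nginx; override per cert for anything else` above the `group` line would record it; otherwise set `group = "nginx";` on `certs."tlater.com"` as well and leave the default alone. The new wildcard cert also depends on the two Porkbun API credentials, which presumably can edit DNS records for the domain, so it is worth confirming that API access on the Porkbun side is limited to tlater.com. The enclosing attribute set starts before the hunk and `services.backups.acme` continues after it.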
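Review bot: The two new secrets set `owner = "acme";`, matching the entry above them, but the cert consumes them through `credentialFiles`, which as far as I know NixOS hands to the renewal unit via systemd `LoadCredential`, read by the service manager rather than by the `acme` user. If that holds for the NixOS release in use, the sops-nix default owner would be enough and these files would not need to be readable by every unit running as `acme`. This is worth verifying before the WIP label comes off; if the ownership has to stay, a short comment like `# DNS-01 credentials for tlater.com, used by security.acme in nginx.nix` would explain it. The attribute set these entries belong to starts and ends outside the hunk.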
@@ -1,4 +1,7 @@ hetzner-api: ENC[AES256_GCM,data:OsUfo86AzcBe/OELkfB5brEfsZ4gkbeehxwIVUBwQgE=,iv:Bt/cjlZ6oZEVUOQjWMDL7/mfL3HWLFAw1tEGeLMgeKg=,tag:TMU2XiHlMgP4aes10mIQYQ==,type:str] +porkbun: + api: ENC[AES256_GCM,data:lnspaxOUMMUh4IzWJQ4yizXob3YCMJeDKeqTf/pjPHdpiIDu/TZ+XUer6DPtLtJwUFz82528/HNtIE0RrxYw2lFiam8=,iv:nKp6eqFtHozioc5TvAXJFCqZbxI75kUIGbSrpfspSGE=,tag:+IRfb4xoowSCohw/08xKkw==,type:str] + secret-api: ENC[AES256_GCM,data:nVQI/IH+DaTyOkogUoFs8J9ZzgJTsYAFSsx3KhhkVv4mQp3h+azktSKlth1oa0e71EEPMaYxDLNIhKkn4kUTnaM7iB4=,iv:pCm0YVdqTMDl/hUYyk65S1bwsBWcx0kepIopXwrPTfY=,tag:ScANzcC7qrzKDbFBzpXyiA==,type:str] battery-manager: email: ENC[AES256_GCM,data:rYLUACXR/n+bLBmZ,iv:sUBEkh2+7qGjHZ5R23e/hoCiyTA7GTL4bJvXmxjZ5Sw=,tag:fdPMllaQQfRgX0WZKIre4g==,type:str] password: ENC[AES256_GCM,data:7cokZa6Q6ahSeiFPz+cV,iv:vz405P0IcG9FsAQXlY7mi78GuushQUKJm2irG6buGzc=,tag:JLHG2jTkJDGbinAq9dXRsQ==,type:str] @@ -32,8 +35,8 @@ sops: azure_kv: [] hc_vault: [] age: [] - lastmodified: "2024-04-15T23:13:18Z" - mac: ENC[AES256_GCM,data:3/v+WgSWJ+VcBSBe1Wkis3z+tMmSjbKzLFqBB8xugc6DvgQG8J+1HRrPucLnpNNtEdmpyoTa72U6fPm6JnyUsuj5pLEghLprOJkqQNdRI06fllhw+9d3e3twx6D4oIIsVH6/io4ElXrGsGQTsfNbYhgn+987wa3WP5N25fBac3U=,iv:FL3tzPutOMN6IPkQfXIu/JOZT+OzUSqpMSQrUeXZQHE=,tag:jL1BTsYTA9XjrsjFszxZhA==,type:str] + lastmodified: "2024-11-17T18:21:07Z" + mac: ENC[AES256_GCM,data:51FoQta3+opyqJKYR0xHuToLbJh3wQlByM78FgtsWjnQXME4+Fo8khfZzroqv9sAHZ62iarUXc8lCiR0u5YvqCgraE6qvDrHIy8nwh2/nwkpyPUSBEvkkDSakyLmvrIkRbV9XbI1qo3OunnZoFP4MqMblvlMclA2Y+LiIUgyxxE=,iv:vustCOMYyp06Xtylj1DoQ4370X1RCWppeu/mCoKQhmk=,tag:L4GujQF+O6KEQeyYA+LFOA==,type:str] pgp: - created_at: "2024-03-18T04:02:00Z" enc: |-