NullCube/permafrost
1
0
Fork 0
forked from Zynh0722/permafrost
Code Pull requests Activity

certs: cloudflare key

Browse source
This commit is contained in:
Zynh Ludwig 2024-12-27 20:15:01 -08:00
parent 9bcc20b2d0
commit de4f48353e
2 changed files with 15 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
modules/nginx.nix
View file

@ -24,6 +24,10 @@ in
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
services.nginx.enable = true; services.nginx.enable = true;
sops.secrets."cloudflare/email" = { };
sops.secrets."cloudflare/api_key" = { };
security.acme.acceptTerms = true; security.acme.acceptTerms = true;
security.acme.certs.permafrost = lib.mkIf cfg.enableACME { security.acme.certs.permafrost = lib.mkIf cfg.enableACME {
email = "Zynh0722@gmail.com"; email = "Zynh0722@gmail.com";
@ -35,6 +39,12 @@ in
then "https://acme-staging-v02.api.letsencrypt.org/directory" then "https://acme-staging-v02.api.letsencrypt.org/directory"
else config.security.acme.defaults.server; else config.security.acme.defaults.server;
extraDomainNames = cfg.certDomains; extraDomainNames = cfg.certDomains;
dnsProvider = "cloudflare";
credentialFiles = {
"CF_API_EMAIL_FILE" = config.sops.secrets."cloudflare/email".path;
"CF_DNS_API_TOKEN_FILE" = config.sops.secrets."cloudflare/api_key".path;
};
}; };
networking.firewall.allowedTCPPorts = [ 80 443 ]; networking.firewall.allowedTCPPorts = [ 80 443 ];

7
secrets.yaml
View file

@ -1,5 +1,8 @@
passwords: passwords:
ravenshade: ENC[AES256_GCM,data:zWSMfn1NhvjJ41w8gh8rWHAGhhfx/m19CDT+V8opc/ToDqSC83ajHJ7g9wo5UFuTfVqd3hhw0+CLAINp/QFf10790UPZmiTqrQ==,iv:WYfg7XG1J68IxAaG5HA/9hXaAo3DPdArozUm0WQNtR0=,tag:jfgcLT1/cDxW5AgIbksIgA==,type:str] ravenshade: ENC[AES256_GCM,data:zWSMfn1NhvjJ41w8gh8rWHAGhhfx/m19CDT+V8opc/ToDqSC83ajHJ7g9wo5UFuTfVqd3hhw0+CLAINp/QFf10790UPZmiTqrQ==,iv:WYfg7XG1J68IxAaG5HA/9hXaAo3DPdArozUm0WQNtR0=,tag:jfgcLT1/cDxW5AgIbksIgA==,type:str]
cloudflare:
email: ENC[AES256_GCM,data:1Z8m/dMfgNRFOuvndAL+5reB,iv://WYj8Y3a9Hy5P2wayA+aU1u06xqrsz1jabtZv0D46Q=,tag:Y8vYMWq4473gIqFcq9Yf9Q==,type:str]
api_key: ENC[AES256_GCM,data:LWWECE2TQfDoRT1nlPR/4tJ38msZNkIhze8EwkF4MvxA8lw4CslBjw==,iv:/cIBwSHQ0DViFcgI3jR8qlih1FvGYQDi6aV2licm9Pg=,tag:+43MkkEqHe++rJO5tyfXNw==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -24,8 +27,8 @@ sops:
dUk3UkE4dEFTTlNqTmNMbkh2M0ZWSTgKBKhzo5inQL8LXWyiD7ZqjfXZpZFPWgM8 dUk3UkE4dEFTTlNqTmNMbkh2M0ZWSTgKBKhzo5inQL8LXWyiD7ZqjfXZpZFPWgM8
b4urS/bu1qvX12Nu4IYls/xLV6Tca5DJ5+cXfYMec4TcydlUVcxJLw== b4urS/bu1qvX12Nu4IYls/xLV6Tca5DJ5+cXfYMec4TcydlUVcxJLw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-12-28T05:25:33Z" lastmodified: "2024-12-28T05:40:19Z"
mac: ENC[AES256_GCM,data:8fnd7hhq3QplMCIL82VyHaWykHxoOzgovB8ij6B2B1f7C+h20PcaFlEZHWCb15L/kU6Hc3aL2rfkLR6DYAJnWRrTBLPyNHo0CvnUDTqVB0BU2asY27hPnAJZ2zBt6qdkk5enGf3qgKjQI+1HwftALhIstsiyiem8u/f4OX3HE0s=,iv:VU2SKF28hX4BXEFBhjZMiO+ZaNN7z5mVBviuzIc0vMA=,tag:5hJ/zR4r2BCVjQ7ZEM8V4g==,type:str] mac: ENC[AES256_GCM,data:yNooB5pD8mCD8BVOC7kojOyp64lHZoxJNxSFZjZvh1xCw5wCG95JuzCjHqdJKa0a84C6HfsLshGAQ3fM30DiZfwA9vKar+hPh/p7FksHgTrV0bi04pSImpBycOveztkQyLya39kI7kgKDbCG2wDJ72mYB89+oCQe+nC8cKKt88I=,iv:fpwobK48VBXPhax1IQ2z2/7oACTX3eGEEZmAp3T1pIc=,tag:BvDzVcgvKSmf0tfHiCgeXA==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.9.2 version: 3.9.2