feat: use hetzner dns to get wildcard cert from lets encrypt
parent
f045fb0482
commit
d6eb3aa28b
4 changed files with 15 additions and 8 deletions
|
@ -1,14 +1,14 @@
|
|||
_: {
|
||||
{config, ...}: {
|
||||
age.secrets.hetzner-dns.file = ../../secrets/hetzner-dns.age;
|
||||
|
||||
security.acme = {
|
||||
acceptTerms = true;
|
||||
defaults.email = "acme@buffet.sh";
|
||||
certs."buffet.sh" = {
|
||||
extraDomainNames = [
|
||||
"404.buffet.sh"
|
||||
"bitwarden.buffet.sh"
|
||||
"rap.buffet.sh"
|
||||
"buffets.kitchen"
|
||||
];
|
||||
domain = "*.buffet.sh";
|
||||
group = "nginx";
|
||||
dnsProvider = "hetzner";
|
||||
credentialsFile = config.age.secrets.hetzner-dns.path;
|
||||
};
|
||||
};
|
||||
}
|
||||
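Review bot: With `domain = "*.buffet.sh"` as the only name on the certificate, the apex `buffet.sh` is not covered, because a wildcard SAN matches exactly one label below the zone; the nginx vhost `"buffet.sh"` that switches to `useACMEHost = "buffet.sh"` in the next section would then serve a certificate that fails hostname validation. This assumes the `extraDomainNames` list is on the removed side, which the 14/14 hunk counts suggest but the rendering does not mark; if so, `buffets.kitchen` loses coverage as well. Adding `extraDomainNames = ["buffet.sh"];` next to `domain` would restore the apex. The `credentialsFile` line also deserves a comment recording that the token must be able to write DNS records for the zone, for example `# Hetzner DNS API token (env-file format): can modify zone records; keep dedicated to ACME and rotate if this host is compromised`.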
|
|
|
@ -10,7 +10,7 @@
|
|||
recommendedTlsSettings = true;
|
||||
|
||||
virtualHosts."buffet.sh" = {
|
||||
enableACME = true;
|
||||
useACMEHost = "buffet.sh";
|
||||
forceSSL = true;
|
||||
root = "${website}";
|
||||
};
|
||||
|
|
|
@ -3,6 +3,7 @@ let
|
|||
in {
|
||||
"secrets/bitwarden.age".publicKeys = [buffet];
|
||||
"secrets/borgpassword.age".publicKeys = [buffet];
|
||||
"secrets/hetzner-dns.age".publicKeys = [buffet];
|
||||
"secrets/kitchen-runner-token.age".publicKeys = [buffet];
|
||||
"secrets/msmtppassword.age".publicKeys = [buffet];
|
||||
}
|
||||
|
|
6
secrets/hetzner-dns.age
Normal file
6
secrets/hetzner-dns.age
Normal file
|
@ -0,0 +1,6 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 zRvPWg 3ihM8FBFjebzTErFkqn6Byfw2D/W45gkwVczLm0I7Tg
|
||||
uV3GJXI9zKT1q4/Z3hF1eE8wN5fnDFMyJOH/3bcq+Vk
|
||||
--- jcd587gk1OjweyDm7teUUt+6u3A7JXIX0aBEjBJPOBg
|
||||
÷Úc;y§_taîŽíiÀ*˜ÕþÁdKù^à÷xÚH+:=1ŒÙo)”
|
||||
…¦C„wât&d©uÎ^ŽÔniÅÎzF@
|