feat: use hetzner dns to get wildcard cert from lets encrypt
parent
f045fb0482
commit
d6eb3aa28b
4 changed files with 15 additions and 8 deletions
|
@ -1,14 +1,14 @@
|
||||||
_: {
|
{config, ...}: {
|
||||||
|
age.secrets.hetzner-dns.file = ../../secrets/hetzner-dns.age;
|
||||||
|
|
||||||
security.acme = {
|
security.acme = {
|
||||||
acceptTerms = true;
|
acceptTerms = true;
|
||||||
defaults.email = "acme@buffet.sh";
|
defaults.email = "acme@buffet.sh";
|
||||||
certs."buffet.sh" = {
|
certs."buffet.sh" = {
|
||||||
extraDomainNames = [
|
domain = "*.buffet.sh";
|
||||||
"404.buffet.sh"
|
group = "nginx";
|
||||||
"bitwarden.buffet.sh"
|
dnsProvider = "hetzner";
|
||||||
"rap.buffet.sh"
|
credentialsFile = config.age.secrets.hetzner-dns.path;
|
||||||
"buffets.kitchen"
|
|
||||||
];
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
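Review bot: The certificate defined here has only `domain = "*.buffet.sh"`, and a wildcard does not match the bare apex, so the `buffet.sh` virtual host that the nginx file in this commit switches to `useACMEHost = "buffet.sh"` would be served a certificate that fails hostname validation. Adding `extraDomainNames = ["buffet.sh"];` next to `domain` would cover the apex in the same DNS-01 order. The removed list also carried `buffets.kitchen`, which the wildcard cannot cover; if a vhost still serves that name (not visible on this page), it needs its own certificate. Separately, the Hetzner DNS token decrypted on this host can presumably edit records in the zone, so a short comment beside `credentialsFile` noting that the token should be dedicated to this host and kept readable by root only would help whoever rotates it.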
|
||||||
|
|
|
@ -10,7 +10,7 @@
|
||||||
recommendedTlsSettings = true;
|
recommendedTlsSettings = true;
|
||||||
|
|
||||||
virtualHosts."buffet.sh" = {
|
virtualHosts."buffet.sh" = {
|
||||||
enableACME = true;
|
useACMEHost = "buffet.sh";
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
root = "${website}";
|
root = "${website}";
|
||||||
};
|
};
|
||||||
|
|
|
@ -3,6 +3,7 @@ let
|
||||||
in {
|
in {
|
||||||
"secrets/bitwarden.age".publicKeys = [buffet];
|
"secrets/bitwarden.age".publicKeys = [buffet];
|
||||||
"secrets/borgpassword.age".publicKeys = [buffet];
|
"secrets/borgpassword.age".publicKeys = [buffet];
|
||||||
|
"secrets/hetzner-dns.age".publicKeys = [buffet];
|
||||||
"secrets/kitchen-runner-token.age".publicKeys = [buffet];
|
"secrets/kitchen-runner-token.age".publicKeys = [buffet];
|
||||||
"secrets/msmtppassword.age".publicKeys = [buffet];
|
"secrets/msmtppassword.age".publicKeys = [buffet];
|
||||||
}
|
}
|
||||||
|
|
6
secrets/hetzner-dns.age
Normal file
6
secrets/hetzner-dns.age
Normal file
|
@ -0,0 +1,6 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-ed25519 zRvPWg 3ihM8FBFjebzTErFkqn6Byfw2D/W45gkwVczLm0I7Tg
|
||||||
|
uV3GJXI9zKT1q4/Z3hF1eE8wN5fnDFMyJOH/3bcq+Vk
|
||||||
|
--- jcd587gk1OjweyDm7teUUt+6u3A7JXIX0aBEjBJPOBg
|
||||||
|
÷Úc;y§_taîŽíiÀ*˜ÕþÁdKù^à÷xÚH+:=1ŒÙo)”
|
||||||
|
…¦C„wât&d©uÎ^ŽÔniÅÎzF@
|