feat: use hetzner dns to get wildcard cert from lets encrypt #5

Merged
chef merged 1 commit from wildcard-certificate into main 2024-05-22 06:44:13 +00:00
4 changed files with 15 additions and 8 deletions
Showing only changes of commit d6eb3aa28b - Show all commits

View file

@ -1,14 +1,14 @@
_: { {config, ...}: {
age.secrets.hetzner-dns.file = ../../secrets/hetzner-dns.age;
security.acme = { security.acme = {
acceptTerms = true; acceptTerms = true;
defaults.email = "acme@buffet.sh"; defaults.email = "acme@buffet.sh";
certs."buffet.sh" = { certs."buffet.sh" = {
extraDomainNames = [ domain = "*.buffet.sh";
"404.buffet.sh" group = "nginx";
"bitwarden.buffet.sh" dnsProvider = "hetzner";
"rap.buffet.sh" credentialsFile = config.age.secrets.hetzner-dns.path;
"buffets.kitchen"
];
}; };
}; };
} }

View file

@ -10,7 +10,7 @@
recommendedTlsSettings = true; recommendedTlsSettings = true;
virtualHosts."buffet.sh" = { virtualHosts."buffet.sh" = {
enableACME = true; useACMEHost = "buffet.sh";
forceSSL = true; forceSSL = true;
root = "${website}"; root = "${website}";
}; };

View file

@ -3,6 +3,7 @@ let
in { in {
"secrets/bitwarden.age".publicKeys = [buffet]; "secrets/bitwarden.age".publicKeys = [buffet];
"secrets/borgpassword.age".publicKeys = [buffet]; "secrets/borgpassword.age".publicKeys = [buffet];
"secrets/hetzner-dns.age".publicKeys = [buffet];
"secrets/kitchen-runner-token.age".publicKeys = [buffet]; "secrets/kitchen-runner-token.age".publicKeys = [buffet];
"secrets/msmtppassword.age".publicKeys = [buffet]; "secrets/msmtppassword.age".publicKeys = [buffet];
} }

6
secrets/hetzner-dns.age Normal file
View file

@ -0,0 +1,6 @@
age-encryption.org/v1
-> ssh-ed25519 zRvPWg 3ihM8FBFjebzTErFkqn6Byfw2D/W45gkwVczLm0I7Tg
uV3GJXI9zKT1q4/Z3hF1eE8wN5fnDFMyJOH/3bcq+Vk
--- jcd587gk1OjweyDm7teUUt+6u3A7JXIX0aBEjBJPOBg
÷Úc;y§_taîŽíiÀ*­˜ÕþÁdKù^à÷xÚH+:=1ŒÙo)”
…¦C„wât&d©uÎ^ŽÔniÅÎzF@