2024-05-22 06:44:13 +00:00
4 changed files with 15 additions and 8 deletions
--- a/hosts/ami/acme.nix
+++ b/hosts/ami/acme.nix
@ -1,14 +1,14 @@
-_: {
+{config, ...}: {
  age.secrets.hetzner-dns.file = ../../secrets/hetzner-dns.age;
  security.acme = {
    acceptTerms = true;
    defaults.email = "acme@buffet.sh";
    certs."buffet.sh" = {
-      extraDomainNames = [
+      domain = "*.buffet.sh";
-        "404.buffet.sh"
+      group = "nginx";
-        "bitwarden.buffet.sh"
+      dnsProvider = "hetzner";
-        "rap.buffet.sh"
+      credentialsFile = config.age.secrets.hetzner-dns.path;
        "buffets.kitchen"
      ];
    };
  };
 }
--- a/hosts/ami/website.nix
+++ b/hosts/ami/website.nix
@ -10,7 +10,7 @@
    recommendedTlsSettings = true;
    virtualHosts."buffet.sh" = {
-      enableACME = true;
+      useACMEHost = "buffet.sh";
      forceSSL = true;
      root = "${website}";
    };
--- a/secrets.nix
+++ b/secrets.nix
@ -3,6 +3,7 @@ let
 in {
  "secrets/bitwarden.age".publicKeys = [buffet];
  "secrets/borgpassword.age".publicKeys = [buffet];
  "secrets/hetzner-dns.age".publicKeys = [buffet];
  "secrets/kitchen-runner-token.age".publicKeys = [buffet];
  "secrets/msmtppassword.age".publicKeys = [buffet];
 }
--- a/secrets/hetzner-dns.age
+++ b/secrets/hetzner-dns.age
@ -0,0 +1,6 @@
 age-encryption.org/v1
 -> ssh-ed25519 zRvPWg 3ihM8FBFjebzTErFkqn6Byfw2D/W45gkwVczLm0I7Tg
 uV3GJXI9zKT1q4/Z3hF1eE8wN5fnDFMyJOH/3bcq+Vk
 --- jcd587gk1OjweyDm7teUUt+6u3A7JXIX0aBEjBJPOBg
 ÷Úc;y§_taîŽíiÀ*˜ÕþÁdKù^à÷xÚH+:=1ŒÙo)”
 …¦C„wât&d©uÎ^ŽÔniÅÎzF@