mirror of https://github.com/RGBCube/ncc synced 2025-07-29 19:17:45 +00:00

Move acme env file to its own directory

RGBCube 2024-04-30 18:06:37 +03:00
parent 6c1bdaaec4
commit a788e9b955
No known key found for this signature in database
7 changed files with 10 additions and 8 deletions

1
.gitignore vendored

@ -5,6 +5,7 @@
!hosts/ !hosts/
!hosts/cube/ !hosts/cube/
!hosts/cube/acme/
!hosts/cube/forgejo/ !hosts/cube/forgejo/
!hosts/cube/grafana/ !hosts/cube/grafana/
!hosts/cube/matrix/ !hosts/cube/matrix/


@ -1,15 +1,15 @@
{ self, config, lib, ... }: with lib; { config, lib, ... }: with lib;
let let
inherit (config.networking) domain; inherit (config.networking) domain;
in systemConfiguration { in systemConfiguration {
secrets.acmePassword.file = self + /hosts/password.acme.age; secrets.acmeEnvironment.file = ./environment.age;
security.acme = { security.acme = {
acceptTerms = true; acceptTerms = true;
defaults = { defaults = {
environmentFile = config.secrets.acmePassword.path; environmentFile = config.secrets.acmeEnvironment.path;
dnsProvider = "cloudflare"; dnsProvider = "cloudflare";
dnsResolver = "1.1.1.1"; dnsResolver = "1.1.1.1";
email = "security@${domain}"; email = "security@${domain}";


@ -8,7 +8,7 @@ let
port = 8001; port = 8001;
in systemConfiguration { in systemConfiguration {
secrets.forgejoMailPassword = { secrets.forgejoMailPassword = {
file = ../../disk/mail/password.plain.age; file = self + /hosts/disk/mail/password.plain.age;
owner = "forgejo"; owner = "forgejo";
}; };
secrets.forgejoRunnerPassword = { secrets.forgejoRunnerPassword = {


@ -12,7 +12,7 @@ in systemConfiguration {
owner = "grafana"; owner = "grafana";
}; };
secrets.grafanaMailPassword = { secrets.grafanaMailPassword = {
file = ../../disk/mail/password.plain.age; file = self + /hosts/disk/mail/password.plain.age;
owner = "grafana"; owner = "grafana";
}; };


@ -2,7 +2,7 @@
systemConfiguration { systemConfiguration {
imports = [ imports = [
(self + /hosts/cube/acme.nix) (self + /hosts/cube/acme)
(self + /hosts/cube/nginx.nix) (self + /hosts/cube/nginx.nix)
(self + /hosts/cube/site.nix) (self + /hosts/cube/site.nix)
]; ];


@ -7,6 +7,8 @@ in with keys; {
"hosts/cube/id.age".publicKeys = [ cube enka ]; "hosts/cube/id.age".publicKeys = [ cube enka ];
"hosts/cube/password.rgb.age".publicKeys = [ cube enka ]; "hosts/cube/password.rgb.age".publicKeys = [ cube enka ];
"hosts/cube/acme/environment.age".publicKeys = all;
"hosts/cube/forgejo/password.runner.age".publicKeys = [ cube enka ]; "hosts/cube/forgejo/password.runner.age".publicKeys = [ cube enka ];
"hosts/cube/grafana/password.age".publicKeys = [ cube enka ]; "hosts/cube/grafana/password.age".publicKeys = [ cube enka ];
@ -22,7 +24,7 @@ in with keys; {
"hosts/disk/id.age".publicKeys = [ disk enka ]; "hosts/disk/id.age".publicKeys = [ disk enka ];
"hosts/disk/password.floppy.age".publicKeys = [ disk enka ]; "hosts/disk/password.floppy.age".publicKeys = [ disk enka ];
"hosts/disk/mail/password.plain.age".publicKeys = [ cube disk enka ]; # TODO: Move to shared. "hosts/disk/mail/password.plain.age".publicKeys = all;
"hosts/disk/mail/password.hash.age".publicKeys = [ disk enka ]; "hosts/disk/mail/password.hash.age".publicKeys = [ disk enka ];
### enka ### enka
@ -30,6 +32,5 @@ in with keys; {
"hosts/enka/password.said.age".publicKeys = [ enka ]; "hosts/enka/password.said.age".publicKeys = [ enka ];
### shared ### shared
"hosts/password.acme.age".publicKeys = all;
"modules/ssh/config.age".publicKeys = all; "modules/ssh/config.age".publicKeys = all;
} }
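Review bot: The rewritten `hosts/disk/mail/password.plain.age` entry widens that secret's recipients from `[ cube disk enka ]` to `all`, so if `all` (defined outside this hunk) holds more than those three keys, every additional host can now decrypt the plaintext mail password. The only consumers visible in this commit are the forgejo and grafana modules, so unless every host in `all` needs the secret I would keep the explicit list: `"hosts/disk/mail/password.plain.age".publicKeys = [ cube disk enka ];`. The `# TODO: Move to shared.` comment is dropped although the file still lives under `hosts/disk/`, so either keep the TODO or move the file under the shared section. Whichever recipient set is chosen, the `.age` file has to be re-encrypted to match it (with agenix, `agenix --rekey`). Narrowing the list later does not revoke ciphertexts already in git history, so the password would need rotating at that point.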