nixos/middleman: Add script to deploy mailcow SSL certs

2023-08-27 00:58:55 +01:00
parent ea03795dca
commit f10ce00f04
5 changed files with 89 additions and 0 deletions


@@ -50,6 +50,11 @@ in
owner = "acme";
group = "acme";
};
"middleman/mailcow-ssh.key" = {
owner = "acme";
group = "acme";
mode = "400";
};
"middleman/nginx-sso.yaml" = {
owner = "nginx-sso";
group = "nginx-sso";
@@ -175,11 +180,23 @@ in
];
dnsProvider = "cloudflare";
credentialsFile = config.age.secrets."middleman/cloudflare-credentials.conf".path;
postRun =
let
sshKey = config.age.secrets."middleman/mailcow-ssh.key".path;
in
''
${pkgs.openssh}/bin/scp -i ${sshKey} key.pem fullchain.pem acme@mail.nul.ie:/tmp/
${pkgs.openssh}/bin/ssh -i ${sshKey} acme@mail.nul.ie mailcow-ssl-reload
'';
};
};
};
};
programs = {
ssh.knownHostsFiles = [ lib.my.sshHostKeys.mail-vm ];
};
services = {
netdata = {
enable = true;
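Review bot: The `scp` line in `postRun` stages `key.pem` in `/tmp/` on mail.nul.ie, a world-writable directory where the file name is predictable and the resulting mode depends on the remote `acme` user's umask, so the TLS private key may be exposed to other local accounts on that host until `mailcow-ssl-reload` consumes it. Copying into a directory only `acme` can enter avoids that, e.g. `${pkgs.openssh}/bin/scp -i ${sshKey} key.pem fullchain.pem acme@mail.nul.ie:` (the remote home), with `mailcow-ssl-reload` adjusted to read from there; that script is not visible in this section, so how it currently locates and cleans up the files is an assumption. Because this SSH key is used unattended, it is also worth confirming that its `authorized_keys` entry on the mail host is limited (for example with `restrict`) to what this deployment needs, which cannot be verified from here. The surrounding attribute sets open and close outside these hunks.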