nixos/middleman: Let's Encrypt for main domain

2022-06-06 01:12:18 +01:00 · 2022-06-06 01:12:18 +01:00 · ffeb333bbc
commit ffeb333bbc
parent 60b2b6ec80
3 changed files with 22 additions and 3 deletions
--- a/lib.nix
+++ b/lib.nix
@ -156,6 +156,7 @@ rec {
    filterOpts = filterAttrsRecursive (_: v: v != null);
  };

+  pubDomain = "nul.ie";
  colony = rec {
    domain = "test.int.nul.ie";
    start = {
--- a/nixos/boxes/colony/vms/shill/containers/middleman.nix
+++ b/nixos/boxes/colony/vms/shill/containers/middleman.nix
@ -39,15 +39,16 @@
                  owner = "acme";
                  group = "acme";
                };
+                "cloudflare-credentials.conf" = {
+                  owner = "acme";
+                  group = "acme";
+                };
              };
            };

            firewall = {
              tcp.allowed = [ "http" "https" ];
            };
-
-            tmproot.persistence.config.directories = [
-            ];
          };

          users = {
@ -101,6 +102,13 @@
                    EXEC_PATH=${script}
                  '';
                };
+                "${lib.my.pubDomain}" = {
+                  extraDomainNames = [
+                    "*.${lib.my.pubDomain}"
+                  ];
+                  dnsProvider = "cloudflare";
+                  credentialsFile = config.age.secrets."cloudflare-credentials.conf".path;
+                };
              };
            };
          };
--- a/secrets/cloudflare-credentials.conf.age
+++ b/secrets/cloudflare-credentials.conf.age
@ -0,0 +1,10 @@
+age-encryption.org/v1
+-> ssh-ed25519 H162lQ a/oJHGIB43DHpX/EUdal2ZyOlf+zYUbNwztGSP1iuGE
+W8bd1I0rgDMEc18zjpP0d4dyp4PGd19/8vJFlVOsGSs
+-> X25519 cjqYOE0e9IHvWvcGyOPDNTcNR6Ynv8TdRCoHiBx4UzI
+/EzNz/SSzvs9DbCGr28B4/jwZMnpUxoBtDOt9Ombv4Y
+-> x]-grease
+fRt2HHsTmZbotWaLfgPZ4PT76A
+--- M2/lLzEUiSmSuoPhtO/QAg+CPPvnBBMQhisX66A/aKE
+ŸbDœýl¨‹Òð÷	<09>½·Î“»€
+ˆG¸¤g”-˜2“êðJbç†àt‹IÕ:B·Ù1õ?»VëÛ—óz÷Á™}ù3õqÒIÇü¾þ’>Å
{ÌâæÖ=œÁHê')UŠ"°)HS¢Éæ1-Ö-–pêåêYÆ…½HÖtn<74>ìà[ÐÝŸ-¬òl™Ö|Uolgç¨Ó