diff --git a/lib.nix b/lib.nix index f8c9ca2..ce6f1a7 100644 --- a/lib.nix +++ b/lib.nix @@ -156,6 +156,7 @@ rec { filterOpts = filterAttrsRecursive (_: v: v != null); }; + pubDomain = "nul.ie"; colony = rec { domain = "test.int.nul.ie"; start = { diff --git a/nixos/boxes/colony/vms/shill/containers/middleman.nix b/nixos/boxes/colony/vms/shill/containers/middleman.nix index 30c8f0f..0023d7a 100644 --- a/nixos/boxes/colony/vms/shill/containers/middleman.nix +++ b/nixos/boxes/colony/vms/shill/containers/middleman.nix @@ -39,15 +39,16 @@ owner = "acme"; group = "acme"; }; + "cloudflare-credentials.conf" = { + owner = "acme"; + group = "acme"; + }; }; }; firewall = { tcp.allowed = [ "http" "https" ]; }; - - tmproot.persistence.config.directories = [ - ]; }; users = { @@ -101,6 +102,13 @@ EXEC_PATH=${script} ''; }; + "${lib.my.pubDomain}" = { + extraDomainNames = [ + "*.${lib.my.pubDomain}" + ]; + dnsProvider = "cloudflare"; + credentialsFile = config.age.secrets."cloudflare-credentials.conf".path; + }; }; }; }; diff --git a/secrets/cloudflare-credentials.conf.age b/secrets/cloudflare-credentials.conf.age new file mode 100644 index 0000000..628f2e2 --- /dev/null +++ b/secrets/cloudflare-credentials.conf.age @@ -0,0 +1,10 @@ +age-encryption.org/v1 +-> ssh-ed25519 H162lQ a/oJHGIB43DHpX/EUdal2ZyOlf+zYUbNwztGSP1iuGE +W8bd1I0rgDMEc18zjpP0d4dyp4PGd19/8vJFlVOsGSs +-> X25519 cjqYOE0e9IHvWvcGyOPDNTcNR6Ynv8TdRCoHiBx4UzI +/EzNz/SSzvs9DbCGr28B4/jwZMnpUxoBtDOt9Ombv4Y +-> x]-grease +fRt2HHsTmZbotWaLfgPZ4PT76A +--- M2/lLzEUiSmSuoPhtO/QAg+CPPvnBBMQhisX66A/aKE +bDl Γ +Gg-2JbtI:B1?Vۗz}3qI> { =H')U")HS1--pYƅHtn[ݟ-l|Uolg \ No newline at end of file
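Review bot: Nothing next to the new `"cloudflare-credentials.conf"` secret entry in middleman.nix says what the file must contain or how narrowly the credential is scoped, and the ciphertext added in this commit cannot be reviewed for that. A comment above the entry would make the expectation checkable, for example `# lego env file: CLOUDFLARE_DNS_API_TOKEN only; token limited to DNS edit on the one public zone`, assuming that matches what was encrypted. If the file instead carries an account-wide API key, a compromise of this container would expose every zone on the account rather than one. The enclosing secrets attribute set begins outside the hunk.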
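Review bot: The `"*.${lib.my.pubDomain}"` entry in `extraDomainNames` (second middleman.nix hunk) makes the private key stored in this container valid for every host under the public domain, so a stolen key can impersonate any of them. If middleman only fronts a known set of hostnames, listing them explicitly instead of the wildcard would narrow that. If the wildcard is intentional, a short comment such as `# wildcard: middleman terminates TLS for all public vhosts` would record why. The enclosing certs attribute set starts outside the hunk.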