nixos/middleman: Let's Encrypt for main domain

2022-06-06 01:12:18 +01:00 · 2022-06-06 01:12:18 +01:00 · ffeb333bbc
commit ffeb333bbc
parent 60b2b6ec80
3 changed files with 22 additions and 3 deletions
--- a/lib.nix
+++ b/lib.nix
@ -156,6 +156,7 @@ rec {
    filterOpts = filterAttrsRecursive (_: v: v != null);
  };
  pubDomain = "nul.ie";
  colony = rec {
    domain = "test.int.nul.ie";
    start = {
--- a/nixos/boxes/colony/vms/shill/containers/middleman.nix
+++ b/nixos/boxes/colony/vms/shill/containers/middleman.nix
@ -39,15 +39,16 @@
                  owner = "acme";
                  group = "acme";
                };
                "cloudflare-credentials.conf" = {
                  owner = "acme";
                  group = "acme";
                };
              };
            };
            firewall = {
              tcp.allowed = [ "http" "https" ];
            };
            tmproot.persistence.config.directories = [
            ];
          };
          users = {
@ -101,6 +102,13 @@
                    EXEC_PATH=${script}
                  '';
                };
                "${lib.my.pubDomain}" = {
                  extraDomainNames = [
                    "*.${lib.my.pubDomain}"
                  ];
                  dnsProvider = "cloudflare";
                  credentialsFile = config.age.secrets."cloudflare-credentials.conf".path;
                };
              };
            };
          };
--- a/secrets/cloudflare-credentials.conf.age
+++ b/secrets/cloudflare-credentials.conf.age
@ -0,0 +1,10 @@
 age-encryption.org/v1
 -> ssh-ed25519 H162lQ a/oJHGIB43DHpX/EUdal2ZyOlf+zYUbNwztGSP1iuGE
 W8bd1I0rgDMEc18zjpP0d4dyp4PGd19/8vJFlVOsGSs
 -> X25519 cjqYOE0e9IHvWvcGyOPDNTcNR6Ynv8TdRCoHiBx4UzI
 /EzNz/SSzvs9DbCGr28B4/jwZMnpUxoBtDOt9Ombv4Y
 -> x]-grease
 fRt2HHsTmZbotWaLfgPZ4PT76A
 --- M2/lLzEUiSmSuoPhtO/QAg+CPPvnBBMQhisX66A/aKE
 ŸbDœýl¨‹Òð÷	<09>½·Î“»€
 ˆG¸¤g”-˜2“êðJbç†àt‹IÕ:B·Ù1õ?»VëÛ—óz÷Á™}ù3õqÒIÇü¾þ’>Å
{ÌâæÖ=œÁHê')UŠ"°)HS¢Éæ1-Ö-–pêåêYÆ…½HÖtn<74>ìà[ÐÝŸ-¬òl™Ö|Uolgç¨Ó