mirror of
https://github.com/oddlama/nix-config.git
synced 2025-10-11 07:10:39 +02:00
feat: add new host envoy for mail, switch disko to partlabel
This commit is contained in:
parent
303fbd5595
commit
289fcdd197
45 changed files with 302 additions and 154 deletions
30
hosts/envoy/acme.nix
Normal file
30
hosts/envoy/acme.nix
Normal file
|
@ -0,0 +1,30 @@
|
|||
{config, ...}: let
|
||||
inherit (config.repo.secrets.local) acme;
|
||||
in {
|
||||
age.secrets.acme-cloudflare-dns-token = {
|
||||
rekeyFile = ./secrets/acme-cloudflare-dns-token.age;
|
||||
mode = "440";
|
||||
group = "acme";
|
||||
};
|
||||
|
||||
age.secrets.acme-cloudflare-zone-token = {
|
||||
rekeyFile = ./secrets/acme-cloudflare-zone-token.age;
|
||||
mode = "440";
|
||||
group = "acme";
|
||||
};
|
||||
|
||||
security.acme = {
|
||||
acceptTerms = true;
|
||||
defaults = {
|
||||
inherit (acme) email;
|
||||
credentialFiles = {
|
||||
CF_DNS_API_TOKEN_FILE = config.age.secrets.acme-cloudflare-dns-token.path;
|
||||
CF_ZONE_API_TOKEN_FILE = config.age.secrets.acme-cloudflare-zone-token.path;
|
||||
};
|
||||
dnsProvider = "cloudflare";
|
||||
dnsPropagationCheck = true;
|
||||
reloadServices = ["nginx"];
|
||||
};
|
||||
wildcardDomains = acme.domains;
|
||||
};
|
||||
}
|
Loading…
Add table
Add a link
Reference in a new issue