From 6f1c20a718617cb48d0de4d3677a4b8ad5f47f54 Mon Sep 17 00:00:00 2001
From: oddlama
Date: Sun, 17 Dec 2023 20:56:16 +0100
Subject: [PATCH] feat: update credentialsFile to credentialFiles in acme
---
hosts/sentinel/acme.nix | 15 ++++++++++++---
.../secrets/acme-cloudflare-dns-token.age | Bin 0 -> 404 bytes
.../secrets/acme-cloudflare-zone-token.age | 10 ++++++++++
hosts/sentinel/secrets/acme-credentials.age | Bin 527 -> 0 bytes
4 files changed, 22 insertions(+), 3 deletions(-)
create mode 100644 hosts/sentinel/secrets/acme-cloudflare-dns-token.age
create mode 100644 hosts/sentinel/secrets/acme-cloudflare-zone-token.age
delete mode 100644 hosts/sentinel/secrets/acme-credentials.age
diff --git a/hosts/sentinel/acme.nix b/hosts/sentinel/acme.nix
index 5100774..c257605 100644
--- a/hosts/sentinel/acme.nix
+++ b/hosts/sentinel/acme.nix
@@ -1,8 +1,14 @@
 {config, ...}: let
 inherit (config.repo.secrets.local) acme;
 in {
- age.secrets.acme-credentials = {
- rekeyFile = ./secrets/acme-credentials.age;
+ age.secrets.acme-cloudflare-dns-token = {
+ rekeyFile = ./secrets/acme-cloudflare-dns-token.age;
+ mode = "440";
+ group = "acme";
+ };
+
+ age.secrets.acme-cloudflare-zone-token = {
+ rekeyFile = ./secrets/acme-cloudflare-zone-token.age;
 mode = "440";
 group = "acme";
 };
@@ -11,7 +17,10 @@ in {
 acceptTerms = true;
 defaults = {
 inherit (acme) email;
- credentialsFile = config.age.secrets.acme-credentials.path;
+ credentialFiles = {
+ CF_DNS_API_TOKEN_FILE = config.age.secrets.acme-cloudflare-dns-token.path;
+ CF_ZONE_API_TOKEN_FILE = config.age.secrets.acme-cloudflare-zone-token.path;
+ };
 dnsProvider = "cloudflare";
 dnsPropagationCheck = true;
 reloadServices = ["nginx"];
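Review bot: Both new secrets in the first hunk of acme.nix (`age.secrets.acme-cloudflare-dns-token` and `age.secrets.acme-cloudflare-zone-token`) keep `mode = "440"` and `group = "acme"`, which may be wider than the switch to `credentialFiles` needs. The NixOS acme module appears to pass `credentialFiles` entries to the unit through systemd's `LoadCredential`, so the service manager rather than the acme user would read the decrypted files; please confirm this against the nixpkgs revision in use. If that holds, the two `mode`/`group` lines can be dropped from each secret so the files fall back to the root-only default. If group read is kept on purpose, a short comment such as `# group-readable because <consumer> reads this path directly` would record why.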
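Review bot: The `credentialFiles` attrset in the second hunk of acme.nix does not record which Cloudflare permissions each token is meant to carry, so the least-privilege benefit of splitting the credential can be lost at the next rotation. I would add a comment above the attrset, for example `# CF_DNS_API_TOKEN: Zone/DNS/Edit on the served zones only; CF_ZONE_API_TOKEN: Zone/Zone/Read`, which matches what the lego Cloudflare provider documents for these two variables. The commit removes `acme-credentials.age` from the tree, but nothing visible here shows whether the credential it held was revoked at Cloudflare; that is worth confirming, since the old ciphertext remains in history. The `security.acme` block starts and ends outside this hunk.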
diff --git a/hosts/sentinel/secrets/acme-cloudflare-dns-token.age b/hosts/sentinel/secrets/acme-cloudflare-dns-token.age new file mode 100644 index 0000000000000000000000000000000000000000..612643b5754f30918558bdf70361e9b5b8b0f50c GIT binary patch literal 404 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR2FFfuhYv{Y~|bgL+`^mp<0b}IBs2`=)< zEGWt}PL0S3_R4iMD=RU`s?5$v3^ERNE#}I}$SyH=ar8_qa&;{(H1IJtjjXcpFiY{s z$gj#NH22EL@k=$yF0XRR2n5+skXfc%U}S2hP*E71Y7wa5SQ?~n6lPfIZ;)7J>1~>u znB(sp7Fv;LP!S%LomuW1UJ;O{@8gr|66WQ>m06@;Wa42N5M|&SSXpS46%zo z=o3}s=8@%-mRsOgSQwF!>z8K&vdi8n*ehH&y(l%YI8`CuO2J0mFHIq)s7}F@E2ttQ zJ0-)rD5BilvCKKWz&Fp^FFzwBluK7vS0TGHJI^2>!=l7F(M&(h+1sVcAT-d?&!w`e z#2_Rw*ubqkx3ttfwal}koa@TtrMJ&~bdDE!Qp}mzxzFIx8;c#M;{qa%*|_s2*=toD uZdXgIR1;uWX<#Y&QssE<%!drFVFeGX4dy!D6rioevLZ- literal 0 HcmV?d00001 diff --git a/hosts/sentinel/secrets/acme-cloudflare-zone-token.age b/hosts/sentinel/secrets/acme-cloudflare-zone-token.age new file mode 100644 index 0000000..c26ae7a --- /dev/null +++ b/hosts/sentinel/secrets/acme-cloudflare-zone-token.age @@ -0,0 +1,10 @@ +age-encryption.org/v1 +-> X25519 Y7J0KmGssDwytzJSMTKnb2qVfCBEl4nMiKeg4PDhbhM +R+FV22jr0XcybGJk8Z2o40O5ptRK3NPgQOxJ7HlORho +-> piv-p256 xqSe8Q AyC1XlhbGhbfUBn4gV56t48AazKi5Lt9H5BCOZqbTtOp +s3mrvVrMZ/kTdUSjKyBWa5hUFL2fwL2xRo7UFF0AwP0 +-> Ao-grease vp@ m_b +oV7D7L5dZtF75bJ6Ms0yZr92rENJmE4xKpdlBp4h40onYWv1Z17R2/bmygv5MD9+ +S7J25g3rxfk00fUOK8cwDcWyRtp4jQqcooJyrQ +--- J/aXuudcbUAfU06R065fsvPTX2qZr0w0eZ9gI6I+McY +vÂâ-##·¬=|Ú•½-IÝR†·¿Ýn<§z´fÄ.\œõ‘cU/OÓ 6÷¶ë¼±ˆÜož’Þ$õ¶8\Ò6E•ËeËí†n \ No newline at end of file 
diff --git a/hosts/sentinel/secrets/acme-credentials.age b/hosts/sentinel/secrets/acme-credentials.age deleted file mode 100644 index 2bbf452cedc2c61379659a076d739faad5adc41d..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 527 zcmV+q0`UD|XJsvAZewzJaCB*JZZ2RCDW3v8x=m*`eUnzL0OF~q!t_=A#|_>%RI|1 z_0XR%_LSLK6(-AKPsH?;GTPT2*ow~B1=g5M=uRo%$~6M3$Zr5N0@nM~o$*|bSj2W} zRKc?n%_WnDw|mmDW09r()MGIjLtF%Pi}g!ESPpxb=jB}m5Qe>bT<&A#n>{gOXKs>A R8E4uEHC)_QT3bEE9OZ1K#>oHx