feat: add temporary homepage

hosts/nom/secrets/host.pub

@@ -1 +1 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICOdYhY/DnXpizajoeLefH6gsc/RX9x3Y6T3C1a+0sb0
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH64l5nh2ryG+1I2sXvfr7m8kTLP5N3CmnK12MHHKSfr

hosts/sentinel/default.nix

@@ -1,4 +1,8 @@
-{config, ...}: {
+{
+  config,
+  pkgs,
+  ...
+}: {
   imports = [
     ../../modules/optional/hardware/hetzner-cloud.nix
 
@@ -16,9 +20,23 @@
 
   users.groups.acme.members = ["nginx"];
   wireguard.proxy-sentinel.firewallRuleForAll.allowedTCPPorts = [80 443];
+
   services.nginx.enable = true;
   services.nginx.recommendedSetup = true;
 
+  services.nginx.virtualHosts.${config.repo.secrets.global.domains.me} = {
+    forceSSL = true;
+    useACMEWildcardHost = true;
+    locations."/".root = pkgs.runCommand "index.html" {} ''
+      mkdir -p $out
+      cat > $out/index.html <<EOF
+      <html>
+        <body>Not empty soon TM. Until then please go here: <a href="https://github.com/oddlama">oddlama</a></body>
+      </html>
+      EOF
+    '';
+  };
+
   meta.promtail = {
     enable = true;
     proxy = "sentinel";

modules/acme-wildcard.nix

@@ -6,6 +6,7 @@
   inherit
     (lib)
     assertMsg
+    elem
     filter
     genAttrs
     hasInfix
@@ -37,9 +38,12 @@ in {
         # If no such domain is found then an assertion is triggered.
         domain = submod.config._module.args.name;
         matchingCerts =
-          filter
-          (x: !hasInfix "." (removeSuffix ".${x}" domain))
-          config.security.acme.wildcardDomains;
+          if elem domain config.security.acme.wildcardDomains
+          then [domain]
+          else
+            filter
+            (x: !hasInfix "." (removeSuffix ".${x}" domain))
+            config.security.acme.wildcardDomains;
       in
         mkIf submod.config.useACMEWildcardHost {
           useACMEHost = assert assertMsg (matchingCerts != []) "No wildcard certificate was defined that matches ${domain}";

secrets/rekeyed/nom/1f37a986a31d7e4d88df8b59d91fcd91-initrd_host_ed25519_key.age

@@ -1,9 +0,0 @@
-age-encryption.org/v1
--> ssh-ed25519 grkLKQ wT/F1RZNRPv/nEpRO2K6uaaUgblmQ+Snl0l0oaQ8biQ
-l2Spr1bBxZ780TqPyzLu8e+Bu/V7wHGVEOnht6obgm4
--> a-grease ajoj }}yuQ_]d ]\g'
-WsHmUGNgl8O1jJaoW2mHzJtxngWIQWUngA0y/Q
---- yG/0WUD+R7eWZv+DNiH24Y8GW3FvYgHDftlFi8ngpdA
-oå)8ù!ÛX?r¸€%²ÜJ‘�Ù†R¢q9éò_¤Ÿ]·jr;ÚCå?ï,vLFð‹÷­‰é5DÚx&Ü.1/î½vN;H’�4‡7\øV€›ÿ�£„Ô> Ÿ6ÐLÒ9!Ãõ�>:þ™*¹Uóßåðíêóî5b­[®„ñéÂh/nSo²
-	'ø(iÏ—ÒˆŽy5D.]�èI†c”ç–JFY_-�Z‘Ã	Ÿ›Ô!ÏLÉØ0Vë¢ñê^3ó¯ïÆOÕ)í3QÝèÿ‹ôÔ.åô¶<a“‡ìÓWJ™ÐmnKM$û¿L¬ãAXƒttÍØG�““Í-e.æ­zœ×5¨I,c€OÝ8\´ù©ŸI,?ƒ{Ë.É	!‘¹�ös&cvhº	ÏüAP¶5iƒ60v=·Å׎ ·Rˆdš9NÇÒ„Á
-IµÍ
‚õê¸*p\) s�ceÔuHfºªþ¬dùK®;]`9}ó½ë®u£¬¢L}V~äÖ…@jÔ,Xà+¬ñ3Áwüª�䔚±–x†¢¿‰¢ÞöÜõh¶<&æj&5…¾êŠyT+û=