From c345f4e9371c8a998af6334028e93fc9d302c7d5 Mon Sep 17 00:00:00 2001
From: oddlama
Date: Fri, 12 Apr 2024 20:28:27 +0200
Subject: [PATCH] feat: add temporary homepage
---
 hosts/nom/secrets/host.pub | 2 +-
 hosts/sentinel/default.nix | 20 +++++++++++++++++-
 modules/acme-wildcard.nix | 10 ++++++---
 ...df8b59d91fcd91-initrd_host_ed25519_key.age | 9 --------
 ...ef7af87d9e69ff21-my-gpg-pubkey-yubikey.age | Bin 0 -> 1639 bytes
 ...7fd06eb73e5636b3-my-gpg-pubkey-yubikey.age | Bin 1518 -> 0 bytes
 ...c2275747fb21c4-initrd_host_ed25519_key.age | Bin 0 -> 769 bytes
 7 files changed, 27 insertions(+), 14 deletions(-)
 delete mode 100644 secrets/rekeyed/nom/1f37a986a31d7e4d88df8b59d91fcd91-initrd_host_ed25519_key.age
 create mode 100644 secrets/rekeyed/nom/69289feee2d5937fef7af87d9e69ff21-my-gpg-pubkey-yubikey.age
 delete mode 100644 secrets/rekeyed/nom/721d8d346921babf7fd06eb73e5636b3-my-gpg-pubkey-yubikey.age
 create mode 100644 secrets/rekeyed/nom/d1cb656317c735d7c4c2275747fb21c4-initrd_host_ed25519_key.age
diff --git a/hosts/nom/secrets/host.pub b/hosts/nom/secrets/host.pub
index 3019155..97a005f 100644
--- a/hosts/nom/secrets/host.pub
+++ b/hosts/nom/secrets/host.pub
@@ -1 +1 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICOdYhY/DnXpizajoeLefH6gsc/RX9x3Y6T3C1a+0sb0
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH64l5nh2ryG+1I2sXvfr7m8kTLP5N3CmnK12MHHKSfr
diff --git a/hosts/sentinel/default.nix b/hosts/sentinel/default.nix
index 0c62b50..4db9c22 100644
--- a/hosts/sentinel/default.nix
+++ b/hosts/sentinel/default.nix
@@ -1,4 +1,8 @@
-{config, ...}: {
+{
+ config,
+ pkgs,
+ ...
+}: {
 imports = [
 ../../modules/optional/hardware/hetzner-cloud.nix
 
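Review bot: The hunk on `hosts/nom/secrets/host.pub` replaces nom's ed25519 host public key, which the subject "feat: add temporary homepage" does not mention. A host identity rotation is easier to audit as its own commit with a message that names it, for example `chore(nom): rotate host key and rekey secrets`. The regenerated `secrets/rekeyed/nom/*.age` files later in this patch presumably follow from the key change, but nothing in the patch states that link.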
@@ -16,9 +20,23 @@ users.groups.acme.members = ["nginx"]; wireguard.proxy-sentinel.firewallRuleForAll.allowedTCPPorts = [80 443]; + services.nginx.enable = true; services.nginx.recommendedSetup = true; + services.nginx.virtualHosts.${config.repo.secrets.global.domains.me} = { + forceSSL = true; + useACMEWildcardHost = true; + locations."/".root = pkgs.runCommand "index.html" {} '' + mkdir -p $out + cat > $out/index.html < + Not empty soon TM. Until then please go here: oddlama + + EOF + ''; + }; + meta.promtail = { enable = true; proxy = "sentinel"; diff --git a/modules/acme-wildcard.nix b/modules/acme-wildcard.nix index 9652470..318bf28 100644 --- a/modules/acme-wildcard.nix +++ b/modules/acme-wildcard.nix @@ -6,6 +6,7 @@ inherit (lib) assertMsg + elem filter genAttrs hasInfix @@ -37,9 +38,12 @@ in { # If no such domain is found then an assertion is triggered. domain = submod.config._module.args.name; matchingCerts = - filter - (x: !hasInfix "." (removeSuffix ".${x}" domain)) - config.security.acme.wildcardDomains; + if elem domain config.security.acme.wildcardDomains + then [domain] + else + filter + (x: !hasInfix "." (removeSuffix ".${x}" domain)) + config.security.acme.wildcardDomains; in mkIf submod.config.useACMEWildcardHost { useACMEHost = assert assertMsg (matchingCerts != []) "No wildcard certificate was defined that matches ${domain}"; diff --git a/secrets/rekeyed/nom/1f37a986a31d7e4d88df8b59d91fcd91-initrd_host_ed25519_key.age b/secrets/rekeyed/nom/1f37a986a31d7e4d88df8b59d91fcd91-initrd_host_ed25519_key.age deleted file mode 100644 index 6ca7d9f..0000000 --- a/secrets/rekeyed/nom/1f37a986a31d7e4d88df8b59d91fcd91-initrd_host_ed25519_key.age +++ /dev/null 
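Review bot: The static page for `locations."/".root` in `hosts/sentinel/default.nix` is written by a shell heredoc inside `pkgs.runCommand`, so the page text goes through shell expansion unless the delimiter is quoted. The heredoc opener and the markup are damaged in this rendering, so the delimiter cannot be confirmed from here. Building the directory without a shell avoids the question and the unquoted `$out` uses: `locations."/".root = pkgs.writeTextDir "index.html" '' …page markup… '';`. The enclosing attribute set starts and ends outside the hunk.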
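Review bot: The new `if elem domain config.security.acme.wildcardDomains then [domain]` branch in `modules/acme-wildcard.nix` serves the bare domain from its wildcard certificate, but a `*.domain` name does not cover `domain` itself. This is only valid if the certificate definition, which is outside this hunk, also lists the bare domain, and that deserves a comment such as `# Exact match: the apex is served from its own wildcard cert, which must list the bare domain as well as *.domain`. Separately, the fallback `filter` never checks that `domain` ends in `.${x}`; `removeSuffix` returns a non-matching string unchanged, so a domain without any dot would match every entry. Adding `hasSuffix ".${x}" domain &&` to the predicate would close that, with `hasSuffix` added to the `inherit (lib)` list if it is not already there. The `let` block and the `mkIf` body continue outside the hunk.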
@@ -1,9 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 grkLKQ wT/F1RZNRPv/nEpRO2K6uaaUgblmQ+Snl0l0oaQ8biQ -l2Spr1bBxZ780TqPyzLu8e+Bu/V7wHGVEOnht6obgm4 --> a-grease ajoj }}yuQ_]d ]\g' -WsHmUGNgl8O1jJaoW2mHzJtxngWIQWUngA0y/Q ---- yG/0WUD+R7eWZv+DNiH24Y8GW3FvYgHDftlFi8ngpdA -o)8!X?r%JنRq9_]jr;C?,vLF5Dx&.1/vN;H47\V>6L9! >:*U5b[h/nSo - '(i҈y5D.]IcJFY_-Z !L0V^3O)3Q.?wnJ|JF5G**6AC?YLqa%Ew2 zWgs+hFCZc{HzP|5SxiJ|SZHiTOLRw2I81tMNl|r2MQK<|S#U!yG&5{%S4nk4XKGX{ zb5}1hbT3wKSweL-S$AYeRxo00MObq*3OGo0Y&LLhSVuE9Yga^hX)iKKF*asmba7L5 zdU-TvXhk+dNNZIuP+?d|cvmn;K|wcHOF2nFQA9xsEiEk|bX74+F*aB+S4MX-cw~7t zWiMfRD??0Ia58N+F-16HOl3iHFIie}Q%+|JfFgzr%S(TY-$VIlwbGK;kF+B7T0n-nUh6$mq?(5Ggm@%*E-~2z2uj4JxQ_)=hQuf%g;GKN&hfFo$ z_d+~ea~^1JS#83GgJY1MUhAP6bis|0`r?`GI;v}V!`1#p-wL}1d?Ig%@_hwJ*+CY_iz;GN0Gn?$P)b0Y`)o?E0ou{GHZQCWrL| zaA^b;#pC&x7qb7f{`DiLUcL2R7@3dAU#5GbZ9{qRE>ck|yjFb)-O{6;%VuSzn@%YL zdKDY0QNrHXIJ;?>8DIvkmZw6iv??oGK1aX9>g*!--1D8ApB=2^L51C!cv9^5CGMFi zMkXj&l2^Bc=)1eHfsE-_Im5{~SzZf%qQ4Imr{AMmDiZfVlYfzba>RoT>F`g=h$9_A z=JyE?%$2jS9x~el0Xl3dGm=(LKDv|B2adzaheO?X#`_Q- zkh_NV^Q35Vqw03p_P1Z0Zobjc5*S}?PSeO};&$gi7XhY^-jgN3BSl1T-3rYa#zg&Z zmV-fdtQ4Cl^&YRNVW34Ppfkuz{x{Gm9C#45w_ND;OUo3<6d71ED&7U+W>M3sBQ!Lq z(pl;69%N5V{>tROQFpKo#jO1T-Uy!pjuJxWQ29G5Dswr{G3u#+L+pyuzkaB5*z-G> z39tahKqro86?o-Dt%<5_eQcuX5nBsUg1#Twpsd};a9~srgjGgz7u>IM`|;R^(5mzt zw6Lu^w^qI|5Mz2EG|94dZ0ry92KatA08+N8Mol)RbU_Tk?z_-36$vE5h z<4%tTmbk9bF|pa%y`qg@2}>xxpBL*Dn(gzAF+N}k`%-oDHfAbH5rPN528vgw@i zKRu#v;n|6){D+z`MmY*}$6h^B?h>9Eb9b4Wvo z2^ixxM;8ntQ2A~0jLTPQ&UG)OG-3sLpN0`Mso@+J|KN_c2G?%XL4m>b7df7 zQ7JbHRZ47hS9nlGQBevlEiE8uG+AsfLRDB)WH@>>D_1pmF>Etta!^T5RcKK~G(%BD zQF>ZMN^UuHZCMJbo2)d5z9UwnQ)wGjx^f+wtEUcwbrJ$BF(Uj@1}2AAYw?H}I^nxb zr2E(mu&2S_L87YyOFE|&3O%pt&sEGQLBH9vcZ9yi&%64;@x8a6lUs#N;*6^RS>Uw6 zc39`dbm4hx^^^d~IWsE|c^fcXwgo_^1+y7cz_YoVmlvUH)<|$dVeS?X;UyX~SJYp$ z_T-|SzEfi9XJdB4`&(+N92mT&rU+XL>BgkjQ0gY|XG8GVtcpY1K(&*A(*b=ao?rl5 zfmeL+CB$}zv?&PWAmbfj{8hNjJ))ZAhZlw%kytB-STUY6+)gR&klVgGq`UV~k&{eB 
z%s&S4exHWD+Iy_uCL&8G%jd7P-^>4h3=Uh6L^Kdrt5?0}Is@pEv(3dodjR&kRXjTp z`Fj;lVd@UFPvvq`bHZ|{CxSg+abdJn_UF80B&k{Ip_s7+E&IvU4#er`fz8`@{yv~C zgko}-5BkAH!@|7N-6-`TW`=RV?}Qw2Q*oHecnS`CWl?KZvK>%{=XqEaHM(M6ljUak ztk#59dL13r)`g``dG!C}dbF^+4u>Bi?!IT2oRrUD%E8ei;H!JLVz7TqCB=V#(_xki zRyh2iU=2uX7zTgxWC%IxMekAijbzn+f_M5bPiQGaFoWna`xf59fIPlnpjlWmEz+?!wql*qo@h+; zzr?`DKH)xdw2{jRgkPM)ukYZb}NU20Gdm_#28rNjj zl|t$TFjiaaeA~bsH234+X;swGjA_nAkgq4&)c zsm3C-#9)oKR57|0;Uv2}I35{`s{{aae26#dQFaZ2dbyL=?X`KD!@L>m>qZI;LVwJ@ zfOXuYU2i}#_EZ(xzgcOJzn=%kxMM?yk*lW9Hg}s!jz=ikOkfp5^MH^3T$ZZ5Z1BRn zz=Xi4eQ|W7*=+-+wRj=$LFpip!EDRvcPr>1T!b8j@rSp(h9Ola4Xlr49v4Tf)pz9$`q7qCB2qr zjty;S=0j$49I@;FLj0c@#N$Tza?N3CP$+#`pE+@TN!o8upNMG%ncW@?pa`JPDvE8W z*nKm5gS_Ruton#Rf1)+Fp1=XCwT)4pUory?i=1^qs+l`$o?F8!spVpf+JXxSiQid) U&~65ZZnk9I%2(Tt$$uW-Ivi=wa{vGU diff --git a/secrets/rekeyed/nom/d1cb656317c735d7c4c2275747fb21c4-initrd_host_ed25519_key.age b/secrets/rekeyed/nom/d1cb656317c735d7c4c2275747fb21c4-initrd_host_ed25519_key.age new file mode 100644 index 0000000000000000000000000000000000000000..32220c2f89329299cdcc408d5e5fbe9e7cb5301f GIT binary patch literal 769 zcmV+c1OEJBXJsvAZewzJaCB*JZZ2mRA*T)b53k(Z&6NiP-Zl3LsL*hGcXE8dNemqHb+!U zM0aLwW@~tKSz<^+Vo+;hR%AsnVNgp~W_VL%X-PL{ZAA(#J|Jf;XL4m>b7cxnK|yFj zXE`xwc~L?~W;Rt+F)=tsN@H?aPGm$WHO;SNgbWK=BMR7B1V{1uOD|k^jFg7b! zV@7URR7PcvnzwF;YV@3U^3B3N0-yAaXNnQDsqfb8m23Mm9@TWi>c9bXjII zHCbg?R7Gh@Xh?8tQ#EmLVrMu_3cnKvcsfIVPy=>fI{G|{4>LRnehkf~$p_PQL7kN6 zG;QsJegx{14;mg%Dz}548T~9&v`6d$yR9D1(T)DIzuUAF1Mvk|Sh_`v;*$cNkBk_| zT(0DsS9k38{3)89jARbsTd_m%cJg|jp94{BoZ|kHm3x6Qd_q{TU|!SG2#!&_)9NBv065O&$$jT9AP|$R#JKU*25}dpF2Wd0(c+jpqfm9i?hY5R_6}wz!`^r> zL(Nhh&kC3IIS=YLbuFJLw}59*^^3Mpo^KioLq{1oyNB>-8W)pD!