[fugitive] Set up wildcard cert

2023-09-30 13:22:53 +02:00
parent 76b1e118ce
commit 6428877bd0
5 changed files with 29 additions and 4 deletions
--- a/lib/systems/fugitive/default.nix
+++ b/lib/systems/fugitive/default.nix
@@ -1,4 +1,4 @@
-{ impermanence, pkgs, ... }:
+{ config, pkgs, agenix, ... }:

 let 

@@ -67,6 +67,10 @@ in
    };
  };

+  age = {
+    secrets.namecheap.file = ../../../secrets/namecheap.age;
+  };
+
  security = {
    sudo = {
      wheelNeedsPassword = false;
@@ -76,7 +80,14 @@ in
    };
    acme = {
      acceptTerms = true;
-      defaults.email = "cert@ctsk.xyz";
+      defaults.email = "monitor@ctsk.dev";
+      
+      certs."enclave.ctsk.dev" = {
+        dnsProvider = "namecheap";
+        environmentFile = config.age.secrets.namecheap.path;
+        group = "nginx";
+        extraDomainNames = [ "*.enclave.ctsk.dev" ];
+      };
    };
  };

--- a/lib/systems/fugitive/hardware.nix
+++ b/lib/systems/fugitive/hardware.nix
@@ -1,4 +1,4 @@
-{ config, lib, pkgs, modulesPath, ... }:
+{ config, lib, pkgs, modulesPath, impermanence, ... }:

 {
  imports =