nydragon/nix-da
1
Fork 0
Code Issues Pull requests Activity Actions 1

chore: move ssl creds to agenix

Browse source
This commit is contained in:
nydragon 2025-03-10 18:39:10 +01:00
parent 97bc861c9e
commit 8f1c4fbad1
Signed by: nydragon
SSH key fingerprint: SHA256:WcjW5NJPQ8Dx4uQDmoIlVPLWE27Od3fxoe0IUvuoPHE
2 changed files with 14 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
hosts/raptus/default.nix
View file

@ -26,7 +26,10 @@ in
group = "rustypaste";
};
forgejo-runner-token.file = ../../secrets/forgejo-runner-token.age;
acme.file = ../../secrets/acme.age;
acme = {
owner = if config.security.acme.useRoot then "root" else "acme";
file = ../../secrets/acme.age;
};
};
boot.loader.grub = {
@ -96,11 +99,12 @@ in
polkit.enable = true;
acme = {
defaults.email = "admin@ccnlc.eu";
acceptTerms = true;
dnsProvider = "ovh";
environmentFile = config.age.secrets.acme.path;
defaults = {
email = "contact@ccnlc.eu";
dnsProvider = "ovh";
environmentFile = config.age.secrets.acme.path;
};
};
};

7
hosts/shan/default.nix
View file

@ -27,7 +27,10 @@
file = ../../secrets/freshrss-default-password.age;
owner = config.services.freshrss.user;
};
acme.file = ../../secrets/acme.age;
acme = {
owner = if config.security.acme.useRoot then "root" else "acme";
file = ../../secrets/acme.age;
};
};
boot.loader.grub = {
@ -162,7 +165,7 @@
enable = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
clientMaxBodySize = "2000M";
clientMaxBodySize = "0";
virtualHosts =
let
mkVHLocal = mkVH "http://localhost";