diff --git a/hosts/raptus/default.nix b/hosts/raptus/default.nix
index ecfd366..8bedd57 100644
--- a/hosts/raptus/default.nix
+++ b/hosts/raptus/default.nix
@@ -26,6 +26,7 @@ in
 group = "rustypaste";
 };
 forgejo-runner-token.file = ../../secrets/forgejo-runner-token.age;
+ acme.file = ../../secrets/acme.age;
 };
 boot.loader.grub = {
@@ -97,6 +98,9 @@ in
 acme = {
 defaults.email = "admin@ccnlc.eu";
 acceptTerms = true;
+ dnsProvider = "ovh";
+ environmentFile = config.age.secrets.acme.path;
+
 };
 };
diff --git a/hosts/shan/default.nix b/hosts/shan/default.nix
index f142af2..e1f7c62 100644
--- a/hosts/shan/default.nix
+++ b/hosts/shan/default.nix
@@ -27,6 +27,7 @@
 file = ../../secrets/freshrss-default-password.age;
 owner = config.services.freshrss.user;
 };
+ acme.file = ../../secrets/acme.age;
 };
 boot.loader.grub = {
@@ -149,7 +150,7 @@
 defaults = {
 email = "contact@ccnlc.eu";
 dnsProvider = "ovh";
- environmentFile = "/run/secrets/ovh";
+ environmentFile = config.age.secrets.acme.path;
 };
 certs."ccnlc.eu" = {
@@ -161,7 +162,7 @@
 enable = true;
 recommendedProxySettings = true;
 recommendedTlsSettings = true;
- clientMaxBodySize = "100M";
+ clientMaxBodySize = "2000M";
 virtualHosts = let mkVHLocal = mkVH "http://localhost";
@@ -175,7 +176,6 @@
 proxy_set_header Upgrade $http_upgrade;
 proxy_set_header Connection $http_connection;
 proxy_http_version 1.1;
- client_max_body_size 2000M;
 '';
 };
 useACMEHost = "ccnlc.eu";
diff --git a/secrets/acme.age b/secrets/acme.age
new file mode 100644
index 0000000..cc8452f
Binary files /dev/null and b/secrets/acme.age differ
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 19f9a51..cdb2017 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -24,4 +24,9 @@ in
 shan
 ny
 ];
+ "acme.age".publicKeys = [
+ shan
+ raptus
+ ny
+ ];
 }
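Review bot: In hosts/raptus/default.nix (hunk `@@ -97,6 +98,9 @@`), `dnsProvider` and `environmentFile` are added directly inside `acme = { … }` beside `acceptTerms`, whereas hosts/shan/default.nix sets the same two options under `defaults = { … }`. If this attrset is `security.acme`, as `acceptTerms` suggests, the NixOS module defines both options under `defaults` (or per certificate), so evaluation would likely fail on an unknown option. Following the `defaults.email` line already there, write `defaults.dnsProvider = "ovh";` and `defaults.environmentFile = config.age.secrets.acme.path;`. The enclosing attrset opens outside the hunk, so the parent path is inferred.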
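Review bot: In hosts/shan/default.nix, raising `clientMaxBodySize` to `"2000M"` (hunk `@@ -161,7 +162,7 @@`) while dropping `client_max_body_size 2000M;` from the one proxied location (hunk `@@ -175,7 +176,6 @@`) makes every virtual host on this nginx accept 2 GB request bodies, not only the upstream that had the override. With nginx's default request buffering, that widens the disk and resource-exhaustion surface for vhosts that never need uploads of that size. If only that one service handles large uploads, keep `clientMaxBodySize = "100M";` and leave `client_max_body_size 2000M;` in its `extraConfig`. Otherwise add a comment such as `# 2000M is required by <service>; applies to all vhosts` so the global limit is a recorded decision.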
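Review bot: In secrets/secrets.nix (hunk `@@ -24,4 +24,9 @@`), `acme.age` is encrypted to `shan`, `raptus` and `ny`, so a single OVH DNS API credential is readable by every listed key. A credential that can edit the zone can presumably satisfy DNS-01 validation for any name in it, so the exposure is set by the least protected recipient. Consider one secret per host, e.g. `"acme-<host>.age".publicKeys = [ <host> ny ];`, each holding an OVH token restricted to the record operations that host needs. A comment naming which hosts consume the secret would also help; whether `ny` is a host or an admin key is not visible in this hunk.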