From a7f8b8187cc851497da12324b8876f1067eb6874 Mon Sep 17 00:00:00 2001 From: nydragon Date: Mon, 10 Mar 2025 13:52:42 +0100 Subject: [PATCH] feat: agenix for ssl certificates --- hosts/raptus/default.nix | 4 ++++ hosts/shan/default.nix | 6 +++--- secrets/acme.age | Bin 0 -> 595 bytes secrets/secrets.nix | 5 +++++ 4 files changed, 12 insertions(+), 3 deletions(-) create mode 100644 secrets/acme.age diff --git a/hosts/raptus/default.nix b/hosts/raptus/default.nix index ecfd366..8bedd57 100644 --- a/hosts/raptus/default.nix +++ b/hosts/raptus/default.nix @@ -26,6 +26,7 @@ in group = "rustypaste"; }; forgejo-runner-token.file = ../../secrets/forgejo-runner-token.age; + acme.file = ../../secrets/acme.age; }; boot.loader.grub = { @@ -97,6 +98,9 @@ in acme = { defaults.email = "admin@ccnlc.eu"; acceptTerms = true; + dnsProvider = "ovh"; + environmentFile = config.age.secrets.acme.path; + }; }; diff --git a/hosts/shan/default.nix b/hosts/shan/default.nix index f142af2..e1f7c62 100644 --- a/hosts/shan/default.nix +++ b/hosts/shan/default.nix @@ -27,6 +27,7 @@ file = ../../secrets/freshrss-default-password.age; owner = config.services.freshrss.user; }; + acme.file = ../../secrets/acme.age; }; boot.loader.grub = { @@ -149,7 +150,7 @@ defaults = { email = "contact@ccnlc.eu"; dnsProvider = "ovh"; - environmentFile = "/run/secrets/ovh"; + environmentFile = config.age.secrets.acme.path; }; certs."ccnlc.eu" = { @@ -161,7 +162,7 @@ enable = true; recommendedProxySettings = true; recommendedTlsSettings = true; - clientMaxBodySize = "100M"; + clientMaxBodySize = "2000M"; virtualHosts = let mkVHLocal = mkVH "http://localhost"; @@ -175,7 +176,6 @@ proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $http_connection; proxy_http_version 1.1; - client_max_body_size 2000M; ''; }; useACMEHost = "ccnlc.eu"; 
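Review bot: In the second hunk of hosts/raptus/default.nix, `dnsProvider` and `environmentFile` are set directly beside `acceptTerms` rather than under `defaults`, which is where hosts/shan/default.nix keeps them in this same patch. The enclosing attribute path starts outside the hunk, but if this is `security.acme`, the NixOS module as I know it declares these two options only under `defaults` and per certificate, so evaluation would probably reject them here. I would write `defaults.dnsProvider = "ovh";` and `defaults.environmentFile = config.age.secrets.acme.path;`, matching the existing `defaults.email` line. The empty line added before the closing brace can be dropped.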
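Review bot: Raising `clientMaxBodySize` from "100M" to "2000M" in the third hosts/shan/default.nix hunk lifts the request-body cap for every virtual host behind this nginx. Before, only the one location whose `extraConfig` carried `client_max_body_size 2000M;` (removed in the following hunk) accepted uploads that large. This widens the disk and memory exhaustion surface of every proxied backend, and it is unrelated to the certificate change the commit subject describes. I would keep `clientMaxBodySize = "100M";` and leave the per-location `client_max_body_size 2000M;` in place, or move the change into its own commit with the reason stated. Which virtual host that `extraConfig` belongs to is outside the hunk.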
diff --git a/secrets/acme.age b/secrets/acme.age new file mode 100644 index 0000000000000000000000000000000000000000..cc8452fbc413a29b60b4c17e5c4844b28ab07d86 GIT binary patch literal 595 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCSnG|WgZPgn4>2=NOk zPpa_DaIea$^vX6bOtuUQ%qk2jbvI2lDGW8tC^bt@D=$pVNaiXm4=;B$^zaV~G;}YB za?_46#&Uf=m3q`jr$=D+&z)_*lJ*>x**PWHt0>DjFO)0Hq%u7%Br~@tEzHHxv#iL#HNY*n zvM4n>xx&KHD7(xn)x{_-6IU)>U0ns=bpPCR|8TP+lVErKl;qOXaz|H3Czt$+@Vt-=?QC~f z=VFhfRKtv1Lj$e_U6Wq%-kK}z_E22}<;7#?1-^b@!hd0H#@srayx1a!UyDsH^?a89zG`ziQ?N`1W2n&91ATp)ufHxk z!sin`^RU<(r?k?CtK^Sq>bdIV)yhuK>J7;Z(cQm0;G47cnz-fX1ccUYDOi~Nz|hdo zVgG8$!uj_v9&5?^R+!dx;0)(g%M&pnzIjco-KtX>GuQ3dzu~T@+U6rJlirsv+7>i1 M?pMU-t1fAc00@uYQ2+n{ literal 0 HcmV?d00001 diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 19f9a51..cdb2017 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -24,4 +24,9 @@ in shan ny ]; + "acme.age".publicKeys = [ + shan + raptus + ny + ]; }
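Review bot: `"acme.age".publicKeys` encrypts one DNS-provider credential to both `shan` and `raptus`, so a compromise of either host discloses a credential that can presumably answer DNS-01 challenges for every name in the zone. If the provider allows it, issue one narrowly scoped token per host and store them separately, e.g. `"acme-raptus.age".publicKeys = [ raptus ny ];` and `"acme-shan.age".publicKeys = [ shan ny ];` (file names are illustrative). A comment above the entry naming which environment variables the file holds and how to rotate it would also help, since secrets/acme.age itself is opaque in review.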