tools/acme: init
This commit is contained in:
parent
3c4b8d92b4
commit
355abdd072
4 changed files with 37 additions and 0 deletions
11
secrets/acme-dns-key.age
Normal file
|
@ -0,0 +1,11 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-ed25519 NO562A eDXO2rf1oCP7G9J7pB03shPO9BMIZ2pEhBqlaEiO+DI
|
||||||
|
Nb6n+yZJ3+ZQQWefjUbV6xiem+4gpOdE0IoA5F9L4zs
|
||||||
|
-> ssh-ed25519 5/zT0w I/KivuQEA2nwCF0qq4G81dKvwU/Zni2Fuz+xSraW52E
|
||||||
|
osPx87gVzeEEIPBnhTn0APxBuA/IL8ySuMzzVrjYqEI
|
||||||
|
-> ssh-ed25519 d3WGuA yrjBtwpNIgsCHG835akTfrwYdncm+yEHT1GnmWQvVnQ
|
||||||
|
Myfat35n/tjZzsqeaLEZLpZGxwgBKo7lBVi1uMIzsRo
|
||||||
|
-> 1.=T-grease )oe@8$5 _OQDI/o^ &l$G\
|
||||||
|
aR164gwY7SDkig
|
||||||
|
--- 32woYizDIa931hDX2PO8wLOYmnOhSscYaI38pvUmBLs
|
||||||
|
ÿ2ã(<06>ì°cZÄBý„»¸o"Ê´¡±•¿%¡·W9<01>ãd'ØikCà‹FƒÆž
ˈkPÃVÊNü>ö˜²×[Ý<>»
|
|
@ -4,6 +4,7 @@ let
|
||||||
systemKeys = x: x.ssh.id.publicKey or null;
|
systemKeys = x: x.ssh.id.publicKey or null;
|
||||||
in with hosts;
|
in with hosts;
|
||||||
{
|
{
|
||||||
|
"acme-dns-key.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
||||||
"coturn-static-auth.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
"coturn-static-auth.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
||||||
"discourse-adminpass.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
"discourse-adminpass.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
||||||
"discourse-dbpass.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
"discourse-dbpass.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
||||||
|
|
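--- /dev/null
+++ b/tools/acme.nix
@@ -0,0 +1,24 @@
+# internal interface
+{ toolsets }:
+# external interface
+{ config ? null, nameserver ? (toolsets.identity {}).dns.master.addr, ... }:
+let
+tools = (self: {
+
+dns01 = {
+age.secrets.acme-dns-key = {
+file = ../secrets/acme-dns-key.age;
+owner = "acme";
+group = "acme";
+mode = "0400";
+};
+credentialsFile = builtins.toFile "acme-dns01-env" ''
+RFC2136_NAMESERVER=${nameserver}
+RFC2136_TSIG_KEY=acme-challenge.void
+RFC2136_TSIG_ALGORITHM=hmac-sha256
+RFC2136_TSIG_SECRET_FILE=${config.age.secrets.acme-dns-key.path}
+'';
+};
+
+}) tools;
+in tools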
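Review bot: `config ? null` on the external interface is a trap: `credentialsFile` dereferences `config.age.secrets.acme-dns-key.path` unconditionally, so a caller that leaves `config` at its default gets Nix's generic "value is null while a set was expected" the moment `dns01.credentialsFile` is forced, with no hint that the toolset needs the host's NixOS `config`. Either drop the default or fail early with a message, e.g. `{ config ? throw "tools/acme: dns01 needs the host config", nameserver ? ..., ... }:` (the default is only evaluated when `config` is actually used). Separately, `builtins.toFile` places `acme-dns01-env` in the world-readable Nix store; that is fine today because the file carries only the path of the agenix-decrypted key (`RFC2136_TSIG_SECRET_FILE`), but a comment such as `# no secret material here: this file lands in /nix/store` above it would stop someone from later inlining `RFC2136_TSIG_SECRET`. The TSIG key name `acme-challenge.void` is hard-coded while the nameserver is a parameter; consider `tsigKey ? "acme-challenge.void"` beside `nameserver` so the toolset is reusable for another zone.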
@ -1,6 +1,7 @@
|
||||||
let toolsets = {
|
let toolsets = {
|
||||||
meta = import ./meta.nix;
|
meta = import ./meta.nix;
|
||||||
|
|
||||||
|
acme = import ./acme.nix { inherit toolsets; };
|
||||||
identity = import ./identity.nix { inherit toolsets; };
|
identity = import ./identity.nix { inherit toolsets; };
|
||||||
networks = import ./networks.nix { inherit toolsets; };
|
networks = import ./networks.nix { inherit toolsets; };
|
||||||
nginx = import ./nginx.nix { inherit toolsets; };
|
nginx = import ./nginx.nix { inherit toolsets; };
|
||||||
|
|