tools/acme: init
This commit is contained in:
parent
3c4b8d92b4
commit
355abdd072
4 changed files with 37 additions and 0 deletions
11
secrets/acme-dns-key.age
Normal file
11
secrets/acme-dns-key.age
Normal file
|
@ -0,0 +1,11 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 NO562A eDXO2rf1oCP7G9J7pB03shPO9BMIZ2pEhBqlaEiO+DI
|
||||
Nb6n+yZJ3+ZQQWefjUbV6xiem+4gpOdE0IoA5F9L4zs
|
||||
-> ssh-ed25519 5/zT0w I/KivuQEA2nwCF0qq4G81dKvwU/Zni2Fuz+xSraW52E
|
||||
osPx87gVzeEEIPBnhTn0APxBuA/IL8ySuMzzVrjYqEI
|
||||
-> ssh-ed25519 d3WGuA yrjBtwpNIgsCHG835akTfrwYdncm+yEHT1GnmWQvVnQ
|
||||
Myfat35n/tjZzsqeaLEZLpZGxwgBKo7lBVi1uMIzsRo
|
||||
-> 1.=T-grease )oe@8$5 _OQDI/o^ &l$G\
|
||||
aR164gwY7SDkig
|
||||
--- 32woYizDIa931hDX2PO8wLOYmnOhSscYaI38pvUmBLs
|
||||
ÿ2ã(<06>ì°cZÄBý„»¸o"Ê´¡±•¿%¡·W9<01>ãd'ØikCà‹FƒÆž
ˈkPÃVÊNü>ö˜²×[Ý<>»
|
|
@ -4,6 +4,7 @@ let
|
|||
systemKeys = x: x.ssh.id.publicKey or null;
|
||||
in with hosts;
|
||||
{
|
||||
"acme-dns-key.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
||||
"coturn-static-auth.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
||||
"discourse-adminpass.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
||||
"discourse-dbpass.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
||||
|
|
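--- /dev/null
+++ b/tools/acme.nix
@@ -0,0 +1,24 @@
+# internal interface
+{ toolsets }:
+# external interface
+{ config ? null, nameserver ? (toolsets.identity {}).dns.master.addr, ... }:
+let
+tools = (self: {
+
+dns01 = {
+age.secrets.acme-dns-key = {
+file = ../secrets/acme-dns-key.age;
+owner = "acme";
+group = "acme";
+mode = "0400";
+};
+credentialsFile = builtins.toFile "acme-dns01-env" ''
+RFC2136_NAMESERVER=${nameserver}
+RFC2136_TSIG_KEY=acme-challenge.void
+RFC2136_TSIG_ALGORITHM=hmac-sha256
+RFC2136_TSIG_SECRET_FILE=${config.age.secrets.acme-dns-key.path}
+'';
+};
+
+}) tools;
+in tools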
|
@ -1,6 +1,7 @@
|
|||
let toolsets = {
|
||||
meta = import ./meta.nix;
|
||||
|
||||
acme = import ./acme.nix { inherit toolsets; };
|
||||
identity = import ./identity.nix { inherit toolsets; };
|
||||
networks = import ./networks.nix { inherit toolsets; };
|
||||
nginx = import ./nginx.nix { inherit toolsets; };
|
||||
|
|