commit 3b13d24ac53bb102777c7744937b2014b4522be4 · ptr.pet/ark

+14 -7

dns/dnsconfig.js

···

       1
       1
        
       var DSP_CLOUDFLARE = NewDnsProvider("cloudflare");

     

       2
       2
       +
       var DSP_BUNNY = NewDnsProvider("bunny_dns");

     

       2
       3
        
       var REG_NONE = NewRegistrar("none");

     

       3
       4
        
       

     

       4
       5
        
       var DZWONEK_IP4 = "94.237.26.47";

     
···

       9
       10
        
       var TRIMOUNTS_IPS = [TRIMOUNTS_IP4, TRIMOUNTS_IP6];

     

       10
       11
        
       

     

       11
       12
        
       function host(name, ips, opts) {

     

       12
       12
       -
           return [

     

       13
       13
       -
               A(name, ips[0], opts),

     

       14
       14
       -
               AAAA(name, ips[1], opts),

     

       15
       15
       -
           ];

     

       13
       13
       +
           if (opts)

     

       14
       14
       +
               return [

     

       15
       15
       +
                   A(name, ips[0], opts),

     

       16
       16
       +
                   AAAA(name, ips[1], opts),

     

       17
       17
       +
               ];

     

       18
       18
       +
           else

     

       19
       19
       +
               return [

     

       20
       20
       +
                   A(name, ips[0]),

     

       21
       21
       +
                   AAAA(name, ips[1]),

     

       22
       22
       +
               ];

     

       16
       23
        
       }

     

       17
       24
        
       

     

       18
       25
        
       function hosts(_names, ips, opts) {

     
···

       45
       52
        
       D(

     

       46
       53
        
           "gaze.systems",

     

       47
       54
        
           REG_NONE,

     

       48
       48
       -
           DnsProvider(DSP_CLOUDFLARE),

     

       55
       55
       +
           DnsProvider(DSP_BUNNY),

     

       49
       56
        
           DefaultTTL(1),

     

       50
       57
        
           TRIMOUNTS(

     

       51
       58
        
               [

     
···

       104
       111
        
       D(

     

       105
       112
        
           "poor.dog",

     

       106
       113
        
           REG_NONE,

     

       107
       107
       -
           DnsProvider(DSP_CLOUDFLARE),

     

       114
       114
       +
           DnsProvider(DSP_BUNNY),

     

       108
       115
        
           DefaultTTL(1),

     

       109
       116
        
           TRIMOUNTS("@", CF_PROXY_OFF),

     

       110
       117
        
           TXT("@", "v=spf1 -all"),

     
···

       118
       125
        
       D(

     

       119
       126
        
           "ptr.pet",

     

       120
       127
        
           REG_NONE,

     

       121
       121
       -
           DnsProvider(DSP_CLOUDFLARE),

     

       128
       128
       +
           DnsProvider(DSP_BUNNY),

     

       122
       129
        
           DefaultTTL(1),

     

       123
       130
        
           TRIMOUNTS("@", CF_PROXY_OFF),

     

       124
       131
        
           DZWONEK(["nucleus", "trill"], CF_PROXY_OFF),

+3 -3

hosts/trimounts/modules/nginx.nix

···

       38
       38
        
       

     

       39
       39
        
         users.users.nginx.extraGroups = [ "acme" ];

     

       40
       40
        
       

     

       41
       41
       -
         age.secrets.cfDnsEditToken.file = ../../../secrets/cloudflareDnsEdit.age;

     

       41
       41
       +
         age.secrets.bunnyApiKey.file = ../../../secrets/bunnyApiKey.age;

     

       42
       42
        
         security.acme = {

     

       43
       43
        
           acceptTerms = true;

     

       44
       44
        
           defaults = {

     

       45
       45
        
             group = "nginx";

     

       46
       46
        
             email = (import "${inputs.self}/personal.nix").emails.primary;

     

       47
       47
       -
             dnsProvider = "cloudflare";

     

       47
       47
       +
             dnsProvider = "bunny";

     

       48
       48
        
             credentialFiles = {

     

       49
       49
       -
               CF_DNS_API_TOKEN_FILE = config.age.secrets.cfDnsEditToken.path;

     

       49
       49
       +
               BUNNY_API_KEY_FILE = config.age.secrets.bunnyApiKey.path;

     

       50
       50
        
             };

     

       51
       51
        
           };

     

       52
       52
        
           certs."poor.dog" = { };

+21

secrets/bunnyApiKey.age

···

       1
       1
       +
       age-encryption.org/v1

     

       2
       2
       +
       -> ssh-rsa Abmvag

     

       3
       3
       +
       XNh6H/W0srZXbGmkLGQ/YpXfamisyK/duLeSftkcrXU67b5s8x40HUv1NaKr/QQt

     

       4
       4
       +
       7ZBvKfm+8YsKcmmXaIINOHl6/LQ6GTpWprN91VDxTGOGzpO/GmD8MOUk8zfJYh+D

     

       5
       5
       +
       3soDoZuuk1gr8Q7+f8AIrfT+x3QwHA2h3hCm3un3MqhmAicTTip2C3NFQhlsEwHi

     

       6
       6
       +
       DhgOJ1Wy9/lSXwIzhg62s8KDOQ4cBETA8PRvspWh8GsV1oLU/brk2itwUaj0P8xA

     

       7
       7
       +
       uQrQzo71rbUttXeGnW4yBZjzzGMJe5iHY3H4aQxjklC1yGpInDf3HGaO6X/yaZBx

     

       8
       8
       +
       vRx2YxwCH4AdhgVpllbZo2++uGX8mye6fu5Lap04+dXU+ubglEvDQ1uRDrbXML9/

     

       9
       9
       +
       PpRszgmu5z7k9u+qWI/aBywUChvVSy4TDWKcj2JAqvCuU7QYiEi6SKhIiDLNd/BQ

     

       10
       10
       +
       7aa/GHSUpUu6TnpRwuBF4l2g5+jO27hsNWb3nAm/SV5YHEVCn+Tr5PiRPxBK8Fa0

     

       11
       11
       +
       ngJjBK5r4ra+uGulwGn1uoM0jYVCl6EtjtKgLeP5cvbdLylKWRXRYxyL7XTxqmHb

     

       12
       12
       +
       oLJsVvxuF1pFiaUkAmMBctaYdMw9EVwV8vTp4/eebVe6pU0Lmxv5B0u5nDiWar5o

     

       13
       13
       +
       RQzfwfGhtOaE0PUQNqVz7VfdoIzCcUjqnJMwInh+XwU

     

       14
       14
       +
       -> ssh-ed25519 y5W/qA rZ2rTM2n2bPULAefeeUvEFwskCNIEh5KdkC7uEnBcXM

     

       15
       15
       +
       P75OaqdeAt3BVa/xprDvJ/bLoGLkU6qdteVvwD9fO8M

     

       16
       16
       +
       -> ssh-ed25519 LaQclg Bnt8Z3Cve0gG6ItbJq+1+fUT/ykFsngstap8ymEr1m4

     

       17
       17
       +
       filHMr3njOkRpbu4UwutvqxVLf8joTBvqs3JT1gu7kk

     

       18
       18
       +
       --- pkIfClG050A3Kp8c+HUQJDwlxM1BbFaCRx8Vp0++xbI

     

       19
       19
       +
       4�dc���/\�ڦ �@:e��:e�o;�

     

       20
       20
       +
       �E�d\W�#m

     

       21
       21
       +
       ��WA��#�uaJ��T�<���X�R���X�X"9
���)�'U:7��+�,�hNϏ�Ul\�FSP8c

+5 -6

secrets/secrets.nix

···

       1
       1
        
       let

     

       2
       2
        
         yusdacra = builtins.readFile ./yusdacra.key.pub;

     

       3
       3
       -
         wolumonde = builtins.readFile ./wolumonde.key.pub;

     

       4
       3
        
         dzwonek = builtins.readFile ./dzwonek.key.pub;

     

       5
       4
        
         trimounts = builtins.readFile ./trimounts.key.pub;

     

       6
       5
        
         develMobi = builtins.readFile ./develMobi.key.pub;

     
···

       9
       8
        
         "nixGithubAccessToken.age".publicKeys = [ yusdacra ];

     

       10
       9
        
         "websiteConfig.age".publicKeys = [

     

       11
       10
        
           yusdacra

     

       12
       12
       -
           wolumonde

     

       13
       11
        
           trimounts

     

       14
       12
        
         ];

     

       15
       13
        
         "pdsConfig.age".publicKeys = [

     

       16
       14
        
           yusdacra

     

       17
       17
       -
           wolumonde

     

       18
       15
        
           trimounts

     

       19
       16
        
         ];

     

       20
       17
        
         "clickeeProxyConfig.age".publicKeys = [

     

       21
       18
        
           yusdacra

     

       22
       22
       -
           wolumonde

     

       23
       19
        
           trimounts

     

       24
       20
        
         ];

     

       25
       21
        
         "persesSecret.age".publicKeys = [

     

       26
       22
        
           yusdacra

     

       27
       27
       -
           wolumonde

     

       28
       23
        
           trimounts

     

       29
       24
        
         ];

     

       30
       25
        
         "headscaleOidcSecret.age".publicKeys = [

     
···

       38
       33
        
         "cloudflareDnsEdit.age".publicKeys = [

     

       39
       34
        
           yusdacra

     

       40
       35
        
           dzwonek

     

       41
       41
       -
           wolumonde

     

       36
       36
       +
           trimounts

     

       37
       37
       +
         ];

     

       38
       38
       +
         "bunnyApiKey.age".publicKeys = [

     

       39
       39
       +
           yusdacra

     

       40
       40
       +
           dzwonek

     

       42
       41
        
           trimounts

     

       43
       42
        
         ];

     

       44
       43
        
       }