soopy.moe / gensokyo
nixos config
fork atom

feat: switch back to cloudflare for dns

Cassie Cheung 1cab8024 702159d4

options
unified split
Changed files
+12 -6
systems
koumakan
certificates
default.nix
+12 -6
systems/koumakan/certificates/default.nix 
···

       
1

       

       
-

       
{...}: {


     

       

       
1

       
+

       
{_utils, config, ...}: let


     

       

       
2

       
+

       
  secrets = _utils.setupSecrets config {


     

       

       
3

       
+

       
    namespace = "lego";


     

       

       
4

       
+

       
    secrets = ["cf_token"];


     

       

       
5

       
+

       
  };


     

       

       
6

       
+

       
in {


     

       
2

       
7

       
 

       
  imports = [


     

       
3

       
8

       
 

       
    ./global.nix


     

       
4

       
9

       
 

       
    ./postgresql.nix


     

       
5

       
10

       
 

       
    ./fediverse.nix


     

       
6

       
11

       
 

       
    ./proxy.nix


     

       

       
12

       
+

       
    secrets.generate


     

       
7

       
13

       
 

       
  ];


     

       
8

       
14

       
 

       



     

       
9

       
15

       
 

       
  security.acme = {


     

       
10

       
16

       
 

       
    defaults = {


     

       
11

       
17

       
 

       
      # == lego Configuration ==


     

       
12

       

       
-

       
      credentialsFile = "/etc/lego/desec";


     

       
13

       

       
-

       
      dnsProvider = "desec";


     

       
14

       

       
-

       
      # In a more ideal world we would have an eddsa algo here but oh well


     

       

       
18

       
+

       
      credentialFiles = {


     

       

       
19

       
+

       
        CLOUDFLARE_API_KEY = secrets.get "cf_token";


     

       

       
20

       
+

       
      };


     

       

       
21

       
+

       
      dnsProvider = "cloudflare";


     

       

       
22

       
+

       
      # In an ideal world we would have an ed/cv25519 algo here but oh well


     

       
15

       
23

       
 

       
      keyType = "ec256"; # Ensure we use ec keys


     

       
16

       

       
-

       



     

       
17

       

       
-

       
      dnsResolver = "8.8.8.8:53";


     

       
18

       
24

       
 

       



     

       
19

       
25

       
 

       
      # == LE Configuration ==


     

       
20

       
26

       
 

       
      email = "me@soopy.moe";