commit a480a9570413cd5ce7f27296b3bd8543b5b66d82 · soopy.moe/gensokyo

+33

global/gensokyo/presets/certificates.nix

···

       1
       +
       {

     

       2
       +
         _utils,

     

       3
       +
         config,

     

       4
       +
         lib,

     

       5
       +
         ...

     

       6
       +
       }: let

     

       7
       +
         secrets = _utils.setupSecrets config {

     

       8
       +
           namespace = "lego";

     

       9
       +
           secrets = ["cf_token"];

     

       10
       +
         };

     

       11
       +
       in {

     

       12
       +
         config = lib.mkIf config.gensokyo.presets.certificates (lib.mkMerge [

     

       13
       +
           {

     

       14
       +
             security.acme = {

     

       15
       +
               acceptTerms = true;

     

       16
       +
       

     

       17
       +
               defaults = {

     

       18
       +
                 # == lego Configuration ==

     

       19
       +
                 # In an ideal world we would have an ed/cv25519 algo here but oh well

     

       20
       +
                 keyType = "ec256"; # Ensure we use ec keys

     

       21
       +
                 credentialFiles.CLOUDFLARE_DNS_API_TOKEN_FILE = secrets.get "cf_token";

     

       22
       +
                 dnsProvider = "cloudflare";

     

       23
       +
       

     

       24
       +
                 # == LE Configuration ==

     

       25
       +
                 email = "me@soopy.moe";

     

       26
       +
                 # server = "https://acme-staging-v02.api.letsencrypt.org/directory";

     

       27
       +
                 server = "https://acme-v02.api.letsencrypt.org/directory";

     

       28
       +
               };

     

       29
       +
             };

     

       30
       +
           }

     

       31
       +
           secrets.generate

     

       32
       +
         ]);

     

       33
       +
       }

global/gensokyo/presets/default.nix

···

       2
        
         imports = [

     

       3
        
           ./vmetrics.nix

     

       4
        
           ./nginx.nix

     

       0
        
       
     

       5
        
         ];

     

       6
        
       

     

       7
        
         options.gensokyo.presets = {

     

       8
        
           vmetrics = lib.mkEnableOption "vmetrics presets";

     

       9
        
           nginx = lib.mkEnableOption "nginx presets";

     

       0
        
       
     

       10
        
         };

     

       11
        
       }

···

       2
        
         imports = [

     

       3
        
           ./vmetrics.nix

     

       4
        
           ./nginx.nix

     

       5
       +
           ./certificates.nix

     

       6
        
         ];

     

       7
        
       

     

       8
        
         options.gensokyo.presets = {

     

       9
        
           vmetrics = lib.mkEnableOption "vmetrics presets";

     

       10
        
           nginx = lib.mkEnableOption "nginx presets";

     

       11
       +
           certificates = lib.mkEnableOption "boilerplate certificate issuing presets";

     

       12
        
         };

     

       13
        
       }