From b12e4f74a949bf7cc4c89817da105ea5e2cf3113 Mon Sep 17 00:00:00 2001
From: TheWanderingCrow
Date: Wed, 2 Jul 2025 16:57:33 -0400
Subject: [PATCH] import acme
---
 hosts/nixos/HandlerOne/default.nix | 52 ++++++++++++++++++++++++++++++
 1 file changed, 52 insertions(+)
diff --git a/hosts/nixos/HandlerOne/default.nix b/hosts/nixos/HandlerOne/default.nix
index a11cc11..6b5f889 100644
--- a/hosts/nixos/HandlerOne/default.nix
+++ b/hosts/nixos/HandlerOne/default.nix
@@ -4,6 +4,7 @@
 # #
 ######################
 {
+ config,
 inputs,
 lib,
 pkgs,
@@ -32,6 +33,9 @@
 # Optional configs
 "hosts/common/optional/keyd.nix"
+
+ # Hosted services
+ "modules/services/actualbudget"
 ])
 ];
@@ -53,4 +57,52 @@
 canTouchEfiVariables = true;
 };
 };
+
+ #FIXME(TODO) Migrate this into another file, probably a module
+ sops = {
+ secrets = {
+ "aws/access_key" = {};
+ "aws/secret_key" = {};
+ "aws/region" = {};
+ };
+ templates = {
+ "aws_shared_credentials".content = ''
+ [default]
+ aws_access_key_id=${config.sops.placeholder."aws/access_key"}
+ aws_secret_access_key=${config.sops.placeholder."aws/secret_key"}
+ '';
+ "aws_env".content = ''
+ AWS_REGION=${config.sops.placeholder."aws/region"}
+ '';
+ };
+ };
+
+ security.acme = {
+ acceptTerms = true;
+ defaults = {
+ email = "infrastructure@wanderingcrow.net";
+ group = config.services.nginx.group;
+ dnsProvider = "route53";
+ credentialFiles = {
+ "AWS_SHARED_CREDENTIALS_FILE" = config.sops.templates."aws_shared_credentials".path;
+ };
+ environmentFile = config.sops.templates."aws_env".path;
+ };
+ certs = {
+ "wanderingcrow.net" = {};
+ "umami.wanderingcrow.net" = {};
+ "garage.wanderingcrow.net" = {};
+ "bar.wanderingcrow.net" = {};
+ "home.wanderingcrow.net" = {};
+ "homebox.wanderingcrow.net" = {};
+ "cache.wanderingcrow.net" = {};
+ "openhab.wanderingcrow.net" = {};
+ "frigate.wanderingcrow.net" = {};
+ "notes.wanderingcrow.net" = {};
+ "grocy.wanderingcrow.net" = {};
+ "barcodebuddy.grocy.wanderingcrow.net" = {};
+ "budget.wanderingcrow.net" = {};
+ "matrix.wanderingcrow.net" = {};
+ };
+ };
 }
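Review bot: The key rendered into the `aws_shared_credentials` template appears to be a static IAM access key (no session token is templated), and nothing in the hunk records how narrowly it is scoped. DNS-01 with `dnsProvider = "route53"` only needs record changes on the one hosted zone, so I would add a comment above `sops.secrets` such as `# Route53 key for ACME DNS-01 only: IAM policy limited to route53:ChangeResourceRecordSets and route53:ListResourceRecordSets on the wanderingcrow.net zone, plus route53:GetChange and route53:ListHostedZonesByName`. Separately, `group = config.services.nginx.group;` under `defaults` makes the private key of all fourteen certificates readable by the nginx group and assumes that group exists on this host; whether nginx is enabled here is not visible in the hunk, so that is worth confirming. The enclosing attribute set starts outside the hunk.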