TheWanderingCrow/CrOS
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

import acme

Browse source
This commit is contained in:
TheWanderingCrow 2025-07-02 16:57:33 -04:00
parent 023f60009a
commit b12e4f74a9
1 changed files with 52 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

52
hosts/nixos/HandlerOne/default.nix
View file

@ -4,6 +4,7 @@
# # # #
###################### ######################
{ {
config,
inputs, inputs,
lib, lib,
pkgs, pkgs,
@ -32,6 +33,9 @@
# Optional configs # Optional configs
"hosts/common/optional/keyd.nix" "hosts/common/optional/keyd.nix"
# Hosted services
"modules/services/actualbudget"
]) ])
]; ];
@ -53,4 +57,52 @@
canTouchEfiVariables = true; canTouchEfiVariables = true;
}; };
}; };
#FIXME(TODO) Migrate this into another file, probably a module
sops = {
secrets = {
"aws/access_key" = {};
"aws/secret_key" = {};
"aws/region" = {};
};
templates = {
"aws_shared_credentials".content = ''
[default]
aws_access_key_id=${config.sops.placeholder."aws/access_key"}
aws_secret_access_key=${config.sops.placeholder."aws/secret_key"}
'';
"aws_env".content = ''
AWS_REGION=${config.sops.placeholder."aws/region"}
'';
};
};
security.acme = {
acceptTerms = true;
defaults = {
email = "infrastructure@wanderingcrow.net";
group = config.services.nginx.group;
dnsProvider = "route53";
credentialFiles = {
"AWS_SHARED_CREDENTIALS_FILE" = config.sops.templates."aws_shared_credentials".path;
};
environmentFile = config.sops.templates."aws_env".path;
};
certs = {
"wanderingcrow.net" = {};
"umami.wanderingcrow.net" = {};
"garage.wanderingcrow.net" = {};
"bar.wanderingcrow.net" = {};
"home.wanderingcrow.net" = {};
"homebox.wanderingcrow.net" = {};
"cache.wanderingcrow.net" = {};
"openhab.wanderingcrow.net" = {};
"frigate.wanderingcrow.net" = {};
"notes.wanderingcrow.net" = {};
"grocy.wanderingcrow.net" = {};
"barcodebuddy.grocy.wanderingcrow.net" = {};
"budget.wanderingcrow.net" = {};
"matrix.wanderingcrow.net" = {};
};
};
} }