# NixOS module for the "overseer" role: declares the AWS secrets held in sops,
# renders them into credential files, and requests ACME certificates through
# the Route 53 DNS challenge. Nothing here takes effect unless
# config.user.overseer.enable is true.
{
  lib,
  pkgs,
  config,
  ...
}: let
  # Placeholder token for a sops secret. Per sops-nix, the real value is
  # substituted when the template is rendered on the host, so the plaintext
  # key is not part of the evaluated configuration.
  placeholderFor = name: config.sops.placeholder.${name};

  # Location of a rendered sops template on the target machine.
  renderedPath = name: config.sops.templates.${name}.path;

  # Builds { "<name>" = {}; ... } for every listed name (all defaults).
  emptyAttrsFor = names: lib.genAttrs names (_: {});

  awsSecretNames = [
    "aws/access_key"
    "aws/secret_key"
    "aws/region"
  ];

  certDomains = [
    "wanderingcrow.net"
    "bar.wanderingcrow.net"
    "home.wanderingcrow.net"
    "homebox.wanderingcrow.net"
    "bookstack.wanderingcrow.net"
    "grocy.wanderingcrow.net"
    "cache.wanderingcrow.net"
  ];
in
  lib.mkIf config.user.overseer.enable {
    # Secrets are declared with default settings; no owner or mode is set here.
    sops.secrets = emptyAttrsFor awsSecretNames;

    # AWS shared-credentials file, [default] profile only.
    # NOTE(review): this is a long-lived access key; confirm the IAM identity
    # behind it is limited to the Route 53 actions the DNS-01 challenge needs
    # on the zone(s) listed in certDomains.
    sops.templates.aws_shared_credentials.content = ''
      [default]
      aws_access_key_id=${placeholderFor "aws/access_key"}
      aws_secret_access_key=${placeholderFor "aws/secret_key"}
    '';

    # KEY=value file consumed as the ACME environment file below.
    sops.templates.aws_env.content = ''
      AWS_REGION=${placeholderFor "aws/region"}
    '';

    security.acme.acceptTerms = true;

    # One certificate per domain, each inheriting security.acme.defaults.
    security.acme.certs = emptyAttrsFor certDomains;

    security.acme.defaults = {
      email = "infrastructure@wanderingcrow.net";
      # The ACME group is set to nginx's group.
      group = config.services.nginx.group;
      dnsProvider = "route53";
      # Only the paths of the rendered templates are referenced here, never
      # the secret values themselves.
      credentialFiles.AWS_SHARED_CREDENTIALS_FILE = renderedPath "aws_shared_credentials";
      environmentFile = renderedPath "aws_env";
    };
  }