mirror of
https://git.lgmrszd.xyz/Lgmrszd/nix-cfg.git
synced 2024-11-09 21:38:34 +01:00
Use DNS validation
parent
c96a0534aa
commit
4d4bdbefec
4 changed files with 32 additions and 6 deletions
|
@ -3,7 +3,7 @@ keys:
|
||||||
- &laptop_ssh_pubkey age1xrzl49tvnatuu55xu5av6xcxyhrakd7mkzl5kz30kqqaxvh2m3sqax8jeu
|
- &laptop_ssh_pubkey age1xrzl49tvnatuu55xu5av6xcxyhrakd7mkzl5kz30kqqaxvh2m3sqax8jeu
|
||||||
- &vps_ssh_pubkey age1acgqxvyczgsamz53z3v0gmahzfxlg9tscwnrgcxrfndgxhsvn3vs4ss5tk
|
- &vps_ssh_pubkey age1acgqxvyczgsamz53z3v0gmahzfxlg9tscwnrgcxrfndgxhsvn3vs4ss5tk
|
||||||
creation_rules:
|
creation_rules:
|
||||||
- path_regex: secrets/.*\.(yaml|json)$
|
- path_regex: secrets/.*\.(yaml|json|env)$
|
||||||
key_groups:
|
key_groups:
|
||||||
- pgp:
|
- pgp:
|
||||||
- *primary_gpg
|
- *primary_gpg
|
||||||
|
|
|
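Review bot: The widened `path_regex` routes `.env` files through the same `key_groups` as every other secret, so the `secrets/porkbun.env` added in this commit is encrypted to the laptop age recipient as well as the VPS one (both appear as `sops_age__list_*__map_recipient` in the new file). Only the VPS configuration actually declares `secrets.porkbun`. A dedicated rule placed before this one, limited to `*primary_gpg` and `*vps_ssh_pubkey`, would keep the DNS API credential decryptable only where it is used, since sops applies the first matching rule. The `key_groups` list continues outside the hunk, so its age entries are inferred from the recipients recorded in the new file.
```yaml
  - path_regex: secrets/porkbun\.env$
    key_groups:
      - pgp:
          - *primary_gpg
        age:
          - *vps_ssh_pubkey
  # … unchanged: existing secrets/.*\.(yaml|json|env)$ rule follows …
```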
@ -294,6 +294,10 @@ in
|
||||||
defaultSopsFile = ../../secrets/secrets.yaml;
|
defaultSopsFile = ../../secrets/secrets.yaml;
|
||||||
defaultSopsFormat = "yaml";
|
defaultSopsFormat = "yaml";
|
||||||
secrets.example_key = {};
|
secrets.example_key = {};
|
||||||
|
# secrets.porkbun = {
|
||||||
|
# sopsFile = ../../secrets/porkbun.env;
|
||||||
|
# format = "dotenv";
|
||||||
|
# };
|
||||||
};
|
};
|
||||||
|
|
||||||
# OnlyKey
|
# OnlyKey
|
||||||
|
|
|
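Review bot: The four added lines are a commented-out `secrets.porkbun` declaration with nothing saying why it is disabled on this host. Either delete them or put the reason above the block, e.g. `# porkbun DNS credential is only consumed by the ACME config on the VPS`. If this host never needs the credential, it also has no reason to be a recipient of `secrets/porkbun.env`. The enclosing attribute set starts and ends outside the hunk.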
@ -95,6 +95,10 @@ in
|
||||||
owner = config.users.users.akkoma.name;
|
owner = config.users.users.akkoma.name;
|
||||||
group = config.users.users.akkoma.group;
|
group = config.users.users.akkoma.group;
|
||||||
};
|
};
|
||||||
|
secrets.porkbun = {
|
||||||
|
sopsFile = ../../secrets/porkbun.env;
|
||||||
|
format = "dotenv";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
users.users.nginx.extraGroups = [ "acme" ];
|
users.users.nginx.extraGroups = [ "acme" ];
|
||||||
|
@ -111,7 +115,7 @@ in
|
||||||
};
|
};
|
||||||
virtualHosts.${rootDomain} = {
|
virtualHosts.${rootDomain} = {
|
||||||
onlySSL = true;
|
onlySSL = true;
|
||||||
enableACME = true;
|
useACMEHost = "${rootDomain}";
|
||||||
root = "/var/www/todo";
|
root = "/var/www/todo";
|
||||||
};
|
};
|
||||||
virtualHosts.${gtnhDomain} = {
|
virtualHosts.${gtnhDomain} = {
|
||||||
|
@ -140,11 +144,15 @@ in
|
||||||
acceptTerms = true;
|
acceptTerms = true;
|
||||||
defaults.email = "lgmrszd@disroot.org";
|
defaults.email = "lgmrszd@disroot.org";
|
||||||
certs.${rootDomain} = {
|
certs.${rootDomain} = {
|
||||||
|
# domain = "*.${rootDomain}";
|
||||||
|
dnsProvider = "porkbun";
|
||||||
|
environmentFile = config.sops.secrets.porkbun.path;
|
||||||
extraDomainNames = [
|
extraDomainNames = [
|
||||||
gtnhDomain
|
"*.${rootDomain}"
|
||||||
akkoDomain
|
# gtnhDomain
|
||||||
iceDomain
|
# akkoDomain
|
||||||
discDomain
|
# iceDomain
|
||||||
|
# discDomain
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
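Review bot: In the `certs.${rootDomain}` hunk the entries `gtnhDomain`, `akkoDomain`, `iceDomain` and `discDomain` are commented out and replaced by `"*.${rootDomain}"`, which matches only names exactly one label below `rootDomain`. The vhost bodies for those domains lie outside the visible hunks, so whether each still gets a valid certificate needs confirming. The change also puts a DNS-provider API credential on the web server and lets one private key, readable by nginx through the `acme` group, stand for every subdomain. A comment above `dnsProvider` should record that trade-off, e.g. `# DNS-01: this key can edit DNS records; limit it to the zones this host serves where the provider allows`. `secrets.porkbun` sets no `owner` or `mode`, which presumably leaves the sops-nix root-only default in place; that should not be widened. The leftover `# domain = ...` line and the commented list entries are better deleted than kept.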
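--- a/secrets/porkbun.env
+++ b/secrets/porkbun.env
@@ -0,0 +1,14 @@
+#ENC[AES256_GCM,data:QtPfbzdPdADup2eK3ndD9OQ=,iv:Rh4WvqtmhloQP141pLt6Nml6NIhe6OFJzJBsJlcktno=,tag:z6YJcuDJ+cbrt4pTKRv4JA==,type:comment]
+PORKBUN_SECRET_API_KEY=ENC[AES256_GCM,data:U1x8/saUkyE/6YzoVmUcYeKCe7JACJb0LBOZUFTT6pRmBs4VHgRQnoA/oL2lzmojtQL1VEcYhlhAANQb6F+hlYZnF8k=,iv:KrARR9Xv18hg2YiWEgStveEvDcxiEwwJWT1W6NNrlz8=,tag:seUpwyy1jJUKWsgaq8W/rw==,type:str]
+PORKBUN_API_KEY=ENC[AES256_GCM,data:aP+99C3quMNyoVvuU+JkkLIqgTTI3dL+LtARSpycvFysaEj5hha7yR6PoXJGKf4Wc7RmDz5NKN/ad3ro8kZX9lZ2ofI=,iv:D/wyJZBsXr0BjUvC7o0VzFdRDymT8rBuvulUv7qjEIg=,tag:yHxwDtVQ8dCNORM3/XiZvA==,type:str]
+sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHdGhOUVNxN1cxVXZNR1FD\nVnFaZllEZ1ZNVUN5a0NYR1ZiYUFzMVlLMUJBCjN1UENJSHRwTGhTWXI3M1YvcmJi\nTk5ldDM4UUxnMFNCREhlUEJrbUlTTUUKLS0tIFJ0ajRqbUdQNkRzWE0rSlFqbEtn\nNTFTb29zT1hZUEx2VkROQndVS2tuL0UKMywal3iyD1hP3ze4z5F/x0WWZg7M/bBD\n8gazBMeDc6BhEl5gyibmMRj/GJpWHKE+Z9DIFke1w3i/7/He5UKLyA==\n-----END AGE ENCRYPTED FILE-----\n
+sops_age__list_0__map_recipient=age1acgqxvyczgsamz53z3v0gmahzfxlg9tscwnrgcxrfndgxhsvn3vs4ss5tk
+sops_age__list_1__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCMW5ZZC9RTG1DV0Y0UWpm\nS1ZhcDV3WW8zcWczZCtyZnhTRitUaEZ6SWhRCloyTUhRMXZmTXpXWFhiWEJQODRq\nZ3N0NThlT0pZazRhTk5sY0ZFUXFUWWMKLS0tIGNaNjMxb0RpWWRBK25wNFI0UElC\nZkw4TjBneDAvZjdXRzJRR2RiT2RJSlEKz4gM+YVkJq/XgHzU40kaEM8JuBuwWxOF\n3faSazb6GSvIYISMI5yNpI8c46kCzPfowjsHmTEoYloxI9CKW2k/Tw==\n-----END AGE ENCRYPTED FILE-----\n
+sops_age__list_1__map_recipient=age1xrzl49tvnatuu55xu5av6xcxyhrakd7mkzl5kz30kqqaxvh2m3sqax8jeu
+sops_lastmodified=2024-02-18T12:13:05Z
+sops_mac=ENC[AES256_GCM,data:o75BQJu3bAE+caTWz4aSCi+fBFzb5f/PAL6fgf51kZK1Qbs/qwFue6jNOjEfEECbAz6MMalUCCw/2c7IKrybsWlx6/BY74KIAvSGpmuW2Eh4RUAZAu9K+3udk7rDCRWBh745j64TX4Phk/VkYRAtaRN1Lr1cZwk3ULkZP/lQbik=,iv:EvG+pPb8gXv9UHfiAg+5AcBvhvIkftjc735zRBYAMdI=,tag:owf4pj/9ND24rN9+Z9HOMQ==,type:str]
+sops_pgp__list_0__map_created_at=2024-02-18T12:04:47Z
+sops_pgp__list_0__map_enc=-----BEGIN PGP MESSAGE-----\n\nhF4DrTkQq20WUVESAQdAXpQv1r53C+1WjwS3fyFBKoIGTkPgF7dtYGGqPUrpKmIw\ntwx5s7tauIKm0oXNMHoPi0D0D1eXrwQPLXS15DnSnpohNgrsRxtHT2jDnq0ge6hB\n1GYBCQIQ2JgMFQcOWzQUcdfaVgbpmiiaT/Fiy41NX27MxFMhpgP3YTzgkjquSy5j\n64aOsZIByXfE4BXq3bubHaDlj3jvqqymB3dHqb9JXJTmfZf7Ld811FgPOY0w7b42\n8XAxAYYmRDk=\n=Ve8O\n-----END PGP MESSAGE-----
+sops_pgp__list_0__map_fp=D3067BE844D3FC49535A47B29396B8BA6FBB14DE
+sops_unencrypted_suffix=_unencrypted
+sops_version=3.8.1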