Start using age for secret management

Charlotte Van Petegem 2021-06-20 00:18:20 +02:00
parent 276c8f33c8
commit da9160559c
No known key found for this signature in database
GPG key ID: 019E764B7184435A
39 changed files with 281 additions and 30 deletions


@ -13,7 +13,6 @@
fqdn = "data.vanpetegem.me";
options = {
default = true;
basicAuthFile = "/data/var/secrets/data.vanpetegem.me.htpasswd";
root = "/srv/data";
locations = {
"/".extraConfig = ''
@ -47,7 +46,7 @@
security.acme = {
certs."vanpetegem.me" = {
dnsProvider = "cloudflare";
credentialsFile = "/data/var/secrets/vanpetegem.me-cloudflare";
credentialsFile = config.age.secrets."passwords/services/acme".path;
extraDomainNames = [
"*.vanpetegem.me"
"cvpetegem.be"
@ -61,6 +60,10 @@
acceptTerms = true;
preliminarySelfsigned = false;
};
age.secrets."passwords/services/acme" = {
file = ../secrets/passwords/services/acme.age;
owner = "acme";
};
chvp.zfs.systemLinks = [
{ type = "data"; path = "/var/lib/acme"; }
];
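Review bot: The first hunk shrinks from 7 to 6 lines with nothing added, and its only secret-bearing line is `basicAuthFile = "/data/var/secrets/data.vanpetegem.me.htpasswd";`; if that is the dropped line, the data.vanpetegem.me vhost serves `/srv/data` without basic auth unless another of the 39 changed files sets it again. The +/- markers are lost on this page, so this is inferred from the hunk counts and should be confirmed against the raw diff; the `options` attribute set also continues past the hunk. If the option is meant to move to age the way `credentialsFile` did, keep it in the vhost as `basicAuthFile = config.age.secrets."<htpasswd-secret>".path;` (placeholder name). That secret needs an owner the nginx worker runs as, just as `owner = "acme";` is set for the ACME credentials. The old plaintext file `/data/var/secrets/vanpetegem.me-cloudflare` is no longer referenced and presumably still exists on the host, so it is worth deleting once the age-backed path is confirmed working.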