diff options
| author | Mike Vink <ivi@vinkies.net> | 2024-01-09 01:24:44 +0100 |
|---|---|---|
| committer | Mike Vink <ivi@vinkies.net> | 2024-01-09 01:24:44 +0100 |
| commit | 2b922d62443b28e199b2bfa49f214f4e9b167947 (patch) | |
| tree | 9354df5ceb5526c297249500363f9c2d3e3dfaab | |
| parent | 499b07a43dc82954002d5e4a0335ebeea9c9613e (diff) | |
got dns challenge cert
| -rw-r--r-- | profiles/homeserver/acme.nix | 8 | ||||
| -rw-r--r-- | secrets/porkbun | 8 |
2 files changed, 9 insertions, 7 deletions
diff --git a/profiles/homeserver/acme.nix b/profiles/homeserver/acme.nix index a30e395..8b2a1e9 100644 --- a/profiles/homeserver/acme.nix +++ b/profiles/homeserver/acme.nix @@ -2,12 +2,14 @@ security.acme = { acceptTerms = true; defaults = { - # NOTE(ivi): use dns wildcard certs for local services - domain = "*.vinkies.net"; extraLegoRunFlags = ["--preferred-chain" "ISRG Root X1"]; email = ivi.email; dnsProvider = "porkbun"; - credentialsFile = config.secrets.porkbun.path; + environmentFile = config.secrets.porkbun.path; + }; + certs."vinkies.net" = { + # NOTE(ivi): use dns wildcard certs for local services + domain = "*.vinkies.net"; }; }; } diff --git a/secrets/porkbun b/secrets/porkbun index 3899c17..552523c 100644 --- a/secrets/porkbun +++ b/secrets/porkbun @@ -1,5 +1,5 @@ { - "data": "ENC[AES256_GCM,data:p2Xf9Pnmpus9cL4+lZmLtSQCDROwE+xpqAPx29eWqfgMRGTJGREbF3fqBO76CV1KU/KmY0UxazMGBf2ErkMuCbx49sNskOD2PHFpakG6B31Qn9akIvGOk6rJZuQMtOjtcKsOg4nK8eVy182eCpuSOt91dJUy3XgpxieNhUDSc+SjXfn5vpoJic3SHKK6ZxXFagXxId2FenGYUlCWzwywXCiL4CEJjzHYJnhO3GC7VAYg,iv:K0NdPIGJFaO7Gq2K80tjAUfnp9+KmOCefmVG85nnPgY=,tag:+gPX3MfK4bDdGyhQ6N3Vog==,type:str]", + "data": "ENC[AES256_GCM,data:FTPzhFADwDaHzKpJ5fqMkRwkvFMPLm4aGWAGVzcqsNJv9bPeKK/WTSbthAW8XDZ6XeIc+W43R2S85ewcuPKDTlUlrHK7h6qJhyKpmDTn7nc3YkTImjKxCTqifVKYJBrCqTj3GqzL613gLzQgWxypwzBI3WM5xEKb6Jls7OqezPMIrfWOPI9EzBBoOfyonAUrJjTunl9rL1qu+rsoAJ56OhYPTzLpYzaOYv04xKR3+GGS,iv:D0eRsFsDWPnqzh1yOu/iGF1noAYT7KpccYnmuJN2pEU=,tag:jX5N/BsrPPw2GyjOTPuHmw==,type:str]", "sops": { "kms": null, "gcp_kms": null, @@ -19,10 +19,10 @@ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYaHlEK2xLTjd3T2thdHU0\nT2JXQnhnMDRkQXlpODkvRnZGbGFsVC9RK2tZCnc4cGd3V0FKNEFwd0NIWEFvdmVn\nM2ozckMxd0tRUld6UFdqNkZVOXc1eWcKLS0tIHFyUlllbU9yV3JSVTl2VG9HUkxG\ncmJKQndaNkxWenFuaEpqRERTa0xUWEEKHuE6nfwKRS7gsbf8IuISXrWanrLTvE82\nnnwDIA4kgt+2sFbgygYhTO+duvMSVkGflc7SjZMNiIm6gklC1A5yPg==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2023-10-17T23:45:30Z", - "mac": "ENC[AES256_GCM,data:MtQ/ILhaNPFkxeEa/3hJV7sZ3S2qRVsYRcrvpvVyQzeBKHaG4Z61qQBlqkdUy1VWVc6te+B8eeMS5oexsP1ztGHsary715U5xUmHW1jiz8mITGfq5KOi91Xh54+v08mAexVZeEzZFxGpqkgyPY/UjFOnmeALGsEZLi0NL923/TQ=,iv:EzHS6yu3bjHNKSyOXqyeXDsQeOPUxpkORrTVVp5uQkg=,tag:gX+mf4S0QWUMkVBfU1R1zg==,type:str]", + "lastmodified": "2024-01-09T00:22:54Z", + "mac": "ENC[AES256_GCM,data:B+Bsoq+VahzcZM/0s7OGGNql3+b+8JT2fvPaps9f8sNQO/Vs8rsR20xIhlqFP0XCE9mkt5CQLz8A7z5hhMYW2cE+hNJdAAToEcFLgx3q9y3YAuGZc2fsb3dPL1revEHPdZg46wqi2bQomIhXUMBEZED5yEnzNto5MmoqZV3D6Yw=,iv:VHrU2KrTsV+8xH9RiQZqf8ynZTvnRZylLIvi/YTnUJU=,tag:N0MVEe/n3s/YPIQHNaetuw==,type:str]", "pgp": null, "unencrypted_suffix": "_unencrypted", - "version": "3.8.0" + "version": "3.8.1" } }
\ No newline at end of file |