alejandro-angulo/dotfiles
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Refactored how SSL certs are configured for nginx

Browse source 
Made a separate ACME module to handle requesting certs from multiple
machines. Right now, the module only supports exactly one wildcard cert.
It might make sense to have cache.kilonull.com use a cert specific to
its subdomain rather than also requesting a wildcard cert (or maybe the
nginx on its host shouldn't care about TLS and it should be node's
responsibility).
This commit is contained in:
Alejandro Angulo 2023-07-16 10:53:02 -07:00
parent 60917107b1
commit d5969ca923
Signed by: alejandro-angulo
GPG key ID: 75579581C74554B6
9 changed files with 128 additions and 41 deletions
Download patch file Download diff file Expand all files Collapse all files

BIN
secrets/cf_dns_kilonull.age
View file

Binary file not shown.

3
secrets/secrets.nix
View file

@ -2,8 +2,9 @@ let
# Remember to pass '--identity identities/me.txt` when using this key
users.me = "age1yubikey1qdwgvfqrcqmyw56ux7azuvqr6f8nanszu27nztvxmn4utmplgxctzt90g25";
machines.gospel = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGDzjXVoQEfO9JIcFbp56EvQ0oBdr9Cmhxp4z0ih+ZEZ";
machines.node = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIETLBnc8kJokmFiA28BaSYpeE7flY1W0SM5C1pWv/tOv";
in {
"cf_dns_kilonull.age".publicKeys = [users.me machines.node];
"cf_dns_kilonull.age".publicKeys = [users.me machines.node machines.gospel];
"nextcloud_admin.age".publicKeys = [users.me machines.node];
}