Infinidoge/universe
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Infini-OPTIPLEX: refactor nginx config and use acme certs

Browse source
This commit is contained in:
Infinidoge 2024-04-26 02:43:52 -04:00
parent 12bb7ac8db
commit d784d4eee4
Signed by: Infinidoge
SSH key fingerprint: SHA256:VEv3zmkBzcYYle6/37h+BbOyNDbGy/o8SHh7fcs9RbQ
8 changed files with 83 additions and 31 deletions
Download patch file Download diff file Expand all files Collapse all files

41
secrets/cloudflare.age Normal file
View file

@ -0,0 +1,41 @@
age-encryption.org/v1
-> ssh-ed25519 sQ/0YA bdZLrpAhgDR1cGuqvtygU/g7qz44celBMfdgdKs5pVU
u4MR7cphuJPrXxE4O4KxHKe5hA+yfpAIXCtLdFW4X7g
-> ssh-ed25519 i9xGKA ApbIyzP1obW6xTIc3k2yCAzu7OS9GL06PFfq+7eWUBo
4MLF/wXnyZKT5oW6w1KnyGs0CMpwRiF45uUPPeTipUk
-> ssh-ed25519 ydxrGg 1wE5Lzoe2WFqd4b3U40eZKirZDZFplYcvDEQRK8ZaFY
Fgb8zdH1nPhylAiZisJcCjhcXkFDiyvtjE1+9lHL2JY
-> ssh-ed25519 gIJNbA nay7hM7gy/4ttHKSGFBX3M8Pgk0/mV7hQct1iYbFEVw
rTsEOXxeS0uodDKl5umZWShsm1Wmix+yYSo1ClvVL/w
-> ssh-ed25519 hjL/yw 0yvxOOCOp1ro1GhWIGI5FlAuwhzJGGjlGO2gIvT8508
i5NhIa6RV92PCc2BkZc3IK3E3O9ijX9bAQE+r3wMvAk
-> ssh-ed25519 fUfJ3w 7CoXChndV4w6ABTmurE/utz6YF/u5UJYRB24I+oJszc
9Cjmu5lxhBvjrp9TUlLQv1D8kmSc/RrbDKU7BrbHqhA
-> ssh-ed25519 GT2Stg f47FuTxMHH/276mt+ZPyxqy8EWAFjbmJuQ1c7+7v4ho
AyaTVIjz6wYasq5jC25I04rELuzPxH1dd+toK0YcmWs
-> ssh-ed25519 oAMyvg A163J4rwX4GpeRXsSAh6yPMGYwKbV1sFxV7+7hIFXlw
1xCZcpxMa+paeetDRrBzUCt1IyUovqKrcy6yoy+I3hY
-> ssh-ed25519 VIHjXg 2buiXKx7aS1wSKIVNGraweUR31yYLsVUTd26uHepElY
SoXaUi1v3XoTWiNCVT6JXaJZ+p0gS6LSNiRiqNGK3wY
-> ssh-ed25519 VEv3zg V+S6jInBcxRA2fwlxjhl7Bu0HqbNWi2EHS7d3v5dXH8
t+3xDF/9B3lgD8pczmK/b9ElQnuPlWRPdQQkhkjNiuk
-> ssh-ed25519 6ZS9Zw e/aOo/WXzxRY9CRh3IlkBeMr/tN/kgmX2DdsIXtcQXc
4knjs6vhjd5anSGiVU8Xkw49pKTTh+mmUhQZx+Tm2ic
-> ssh-ed25519 2S7Wcg DMp9L3D184vO4blhskKVWeqYBFxwRMPOgapcw+iGHFA
o6v23rnOrDIKpTbk7bi2+GEsgD9NfGRgyRJrN8nlPuE
-> ssh-ed25519 izZ3FQ +CqAN8J9OvdBdoz0AAoLSP81NPCp/iPxEzgelyz5zmo
ynqnOYuKTqA6+FgqTzojd+UYyonU2c7obcVAkD/gZoY
-> ssh-ed25519 GB2MZQ toUuXPu0EFlgHgnESSG4J0s/ChMoa82Zqkz1kwlkGCs
z38Z4tTTjQw5840vkMuKQChHeKS3r6+9o0p+puB0Xck
-> ssh-ed25519 FelIjw QtRURTihkW0eL6FPar1Q6Y76xFj67kMCEUr5XQ1Usww
Gak8ABMc44e+YEVPgmlaGEhGWABChtZI2YwK2oug5t8
-> ssh-ed25519 TRpHkw ilJeOrPo7n/iM/XgN2sD24n/o8fneML+GJVMFVNOuBQ
Ew/321uCIjFYoribgxExiJFJLrDv/fF+Kks3zQc527M
-> ssh-ed25519 rKpRzQ hLsDhwmTjPa1jiLEtzh96bZBN3FJtr+YsiYGqQmtknQ
BFOzDQntC7GMV76gIP+gVaOn4SdLqstvk5JpbPz2Zgc
-> ssh-ed25519 8/Dzqw VEwMGvZBHXWmdRtpZLC2W3DlqjMl5ijLNPp0SgXiPz0
kj/pFxZmhLsuBR3IkXXRzVx2XiGvIF8W1McWe8EQ+5c
-> ssh-ed25519 tJyugw lqgZqyfXbFz5YtethmfvQF22KBze5lVBS14M05Q2DlE
jU7DD9p8XyNiLLtDocAJv1pUd8WwJCRsF0e/FjmfRXg
--- qMZs4WoAlwA3d4LeyqTZfMxSDDWagtEn0HtVUiZ2fJI
„¨w«äÝòÕW×'Õ–e°)‡Ž"uÛ¢øæƒ0¶˜ËdV%š1ì^±yµ?ó<©V}ö(Øå,ê&¯€¾huš6µTñ˜RáÌìW2Ðø¯þøú¿«<C2BF>Ú|êlÒz¤+µMõsÜö4ŠDYãõ±î€„Ü/ÚS˜>§«¬ 2X&°’÷×› hÚ$h>™d‡qöV{ :~‰˜}éUæ

3
secrets/default.nix
View file

@ -33,8 +33,7 @@ in
"borg-password" = secrets."borg-password" // { group = "borg"; mode = "440";};
}
(mkIf config.services.nginx.enable {
"inx.moe.pem" = withOwnerGroup "nginx" secrets."inx.moe.pem";
"inx.moe.key" = withOwnerGroup "nginx" secrets."inx.moe.key";
inherit (secrets) "cloudflare";
})
(mkIf config.services.vaultwarden.enable {
"vaultwarden" = withOwnerGroup "vaultwarden" secrets."vaultwarden";

BIN
secrets/inx.moe.key.age
View file

Binary file not shown.

BIN
secrets/inx.moe.pem.age
View file

Binary file not shown.

3
secrets/secrets.nix
View file

@ -27,10 +27,9 @@ in
"infinidoge-password.age".publicKeys = allKeys;
"root-password.age".publicKeys = allKeys;
"binary-cache-private-key.age".publicKeys = allKeys;
"inx.moe.pem.age".publicKeys = allKeys;
"inx.moe.key.age".publicKeys = allKeys;
"vaultwarden.age".publicKeys = allKeys;
"freshrss.age".publicKeys = allKeys;
"borg-password.age".publicKeys = allKeys;
"borg-ssh-key.age".publicKeys = allKeys;
"cloudflare.age".publicKeys = allKeys;
}