No commits in common. "931bce3d9f11279271a2a77e6843ad474c9ce220" and "4c3ed32c7a35fc8dd9f71bb05343f51217c4e846" have entirely different histories.

5 changed files with 30 additions and 42 deletions

8
flake.lock generated

@ -165,11 +165,11 @@
},
"secrets": {
"locked": {
"lastModified": 1713917034,
"narHash": "sha256-TcRTcrx6Y+qZpoOvCu+DNyHWGFOFxL4bDMCD2EvYNsg=",
"lastModified": 1713906026,
"narHash": "sha256-pI2SocGL1Ev54UXizRL2L6t3UmBFVGGmcSgBmthSeJU=",
"ref": "refs/heads/master",
"rev": "d73392f1e37da591bbc2700a37beba60c5bc4648",
"revCount": 25,
"rev": "84f9be99ee397303cb23dfc8713115088fa7a53d",
"revCount": 23,
"type": "git",
"url": "ssh://git@git.caspervk.net/caspervk/nixos-secrets.git"
},


@ -1,16 +1,14 @@
{lib, ...}: {
security.acme.certs = {
"caspervk.net" = {
domain = "*.caspervk.net";
reloadServices = [
"caddy.service"
"murmur.service"
];
# The NixOS Caddy module is a little too clever and sets the cert's group
# to 'caddy', which means other services can't load it. This is not needed
# since we handle the group membership manually.
group = lib.mkForce "acme";
};
security.acme.certs."caspervk.net" = {
domain = "*.caspervk.net";
reloadServices = [
"caddy.service"
"murmur.service"
];
# The NixOS Caddy module is a little too clever and sets the cert's group
# to 'caddy', which means other services can't load it. This is not needed
# since we handle the group membership manually.
group = lib.mkForce "acme";
};
users.groups.acme.members = [
"caddy"
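Review bot: The comment above `group = lib.mkForce "acme";` explains why the group is forced but not what that grants: every account listed in `users.groups.acme.members` can then read the private key of the `*.caspervk.net` wildcard certificate. I would add a line such as `# Every member of 'acme' can read this wildcard key; keep the members list to services that terminate TLS.` The same applies to the other two modules on this page that define this certificate; the kresd one sets no `group` and presumably relies on the default. The `members` list continues outside the hunk, so the full set of readers is not visible here.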


@ -1,12 +1,10 @@
{...}: {
security.acme.certs = {
"caspervk.net" = {
domain = "*.caspervk.net";
reloadServices = [
"kresd@1.service"
"kresd@2.service"
];
};
security.acme.certs."caspervk.net" = {
domain = "*.caspervk.net";
reloadServices = [
"kresd@1.service"
"kresd@2.service"
];
};
users.groups.acme.members = [
"knot-resolver"


@ -1,21 +1,13 @@
{lib, ...}: {
security.acme.certs = {
"caspervk.net" = {
domain = "*.caspervk.net";
reloadServices = [
"caddy.service"
];
# The NixOS Caddy module is a little too clever and sets the cert's group
# to 'caddy', which means other services can't load it. This is not needed
# since we handle the group membership manually.
group = lib.mkForce "acme";
};
"sudomail.org" = {
reloadServices = [
"caddy.service"
];
group = lib.mkForce "acme";
};
security.acme.certs."caspervk.net" = {
domain = "*.caspervk.net";
reloadServices = [
"caddy.service"
];
# The NixOS Caddy module is a little too clever and sets the cert's group
# to 'caddy', which means other services can't load it. This is not needed
# since we handle the group membership manually.
group = lib.mkForce "acme";
};
users.groups.acme.members = [
"caddy"
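Review bot: The `"sudomail.org"` certificate disappears here along with the restructuring, which goes beyond the purely syntactic change made to the sibling modules. If a Caddy virtual host on this machine still refers to that certificate (for example through `useACMEHost`), it would be left without one; that configuration is outside this hunk, so it is worth confirming. If the removal is intentional, a short comment or a commit message line saying the domain is no longer served here would keep the history readable.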


@ -20,7 +20,7 @@ lib.mkIf (config.services.caddy.virtualHosts != {}) {
environment.persistence."/nix/persist" = {
directories = [
{
directory = "/var/www/html";
directory = "/var/lib/caddy";
user = "caddy";
group = "caddy";
mode = "0755";
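Review bot: `mode = "0755";` is carried over unchanged while the persisted path changes, and it is loose for a service state directory. Assuming `/var/lib/caddy` is the new side (the other sections on this page print old then new), this is where Caddy keeps its own state by default, so `mode = "0750";` or `mode = "0700";` would be the safer choice. It is also worth confirming that nothing still serves files from `/var/www/html`, which would no longer be persisted across reboots. The enclosing attribute set continues outside the hunk.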