From 281084402a2b009dd9f3eff340319d24f2d64a96 Mon Sep 17 00:00:00 2001 From: albert Date: Mon, 5 Aug 2024 21:54:32 +0900 Subject: [PATCH] Updates --- nixos/hosts/osaka-linode-01/firewall.nix | 9 ++++++++- secrets/cloudflare.yaml | 5 +++-- 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/nixos/hosts/osaka-linode-01/firewall.nix b/nixos/hosts/osaka-linode-01/firewall.nix index ed120f30..324e43b2 100644 --- a/nixos/hosts/osaka-linode-01/firewall.nix +++ b/nixos/hosts/osaka-linode-01/firewall.nix @@ -56,21 +56,28 @@ sopsFile = ../../../secrets/cloudflare.yaml; }; + sops.secrets."cloudflare/email" = { + owner = "haproxy"; + sopsFile = ../../../secrets/cloudflare.yaml; + }; + security.acme = { acceptTerms = true; defaults = { - keyType = "pem"; group = "haproxy"; + extraLegoFlags = [ "--pem" ]; reloadServices = [ "haproxy" ]; email = "albert@sysctl.io"; dnsProvider = "cloudflare"; credentialFiles = { CLOUDFLARE_API_KEY_FILE = "/var/run/secrets/cloudflare/api_key"; + CLOUDFLARE_EMAIL_FILE = "/var/run/secrets/cloudflare/email"; }; }; certs = { "sysctl.io" = { directory = "/haproxy/"; + enableDebugLogs = true; }; }; }; diff --git a/secrets/cloudflare.yaml b/secrets/cloudflare.yaml index 46c602ad..95ea9022 100644 --- a/secrets/cloudflare.yaml +++ b/secrets/cloudflare.yaml @@ -1,4 +1,5 @@ cloudflare: + email: ENC[AES256_GCM,data:ycl75o3oi/zF6czNBfKzIg==,iv:MWUwoMU4XfHX9rilJlRGuPbISvhwtMAfku/0ZAckTSo=,tag:nekhk1dNOKeuYg87/ulDKA==,type:str] api_key: ENC[AES256_GCM,data:DEPN2A7lQy74PIUdS1IBcQrO/hk77rApSjL6ET4NRizkpI2r,iv:xVwDzr1zJpt7UlfQZ87m+sY8VjDe/t/1hr41pMq9osg=,tag:2nzfNdeOU6Wx7tGIdMEZWQ==,type:str] sops: kms: [] 
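Review bot: The `credentialFiles` block now pairs `CLOUDFLARE_API_KEY_FILE` with the new `CLOUDFLARE_EMAIL_FILE`, which is lego's legacy Cloudflare authentication using the account-wide Global API Key. Anything that can read that key can act on the whole Cloudflare account, not only the DNS records the DNS-01 challenge needs. A zone-scoped API token (DNS edit on the one zone) would shrink the blast radius and make the email secret unnecessary, e.g. `CLOUDFLARE_DNS_API_TOKEN_FILE = "/var/run/secrets/cloudflare/<token-secret-name>";` in place of both entries. The new `sops.secrets."cloudflare/email"` also sets `owner = "haproxy"`; if the ACME unit receives `credentialFiles` through systemd credentials, as current nixpkgs appears to do, the internet-facing haproxy user has no need to read Cloudflare credentials and the default owner would be tighter. The same is worth confirming for the `api_key` secret, whose definition starts above this hunk.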
@@ -6,8 +7,8 @@ sops: azure_kv: [] hc_vault: [] age: [] - lastmodified: "2024-08-05T12:28:18Z" - mac: ENC[AES256_GCM,data:agVBlqv2ly721vWi+CL0s11jg9lkzpeuaQWr//qeZ9Tu67CM/DOzj+PZs29tkgnv/nFALxPQ4vXB89iW/106tJrKzZT5DhNRvAfDlC7gWTquPXxw6KkvlqSXlcFxsJjBRmQeUVnkk37zn2KQQl8dfn8KdyHU2WyJDEMNcV9miho=,iv:Qj0eSeaGpS6zbbjts20H81NOeyPbL9vA2g1UNr3Z+vY=,tag:Kt9h1ESzO2ARlEqbqp1fqQ==,type:str] + lastmodified: "2024-08-05T12:54:12Z" + mac: ENC[AES256_GCM,data:okgSNCxIjjO1Et52EVeaCz7Ep+QqEcwvTsyTmZEW1gedc7bQSCYra+E5RqS/xlVw6//+N5VJx0kSBYG79KVwMWC9tnm9FSwQwFBb8MvCjEdH2Dgxf9VXYd53P8SdLA8hQoFfREJekIbTiZoVGG6mk4Yl++ufECG/zl1IE6/eeVg=,iv:IiGI8uRJA/H8uIBd2nexg4R4ORVrtAvFIkKEMBB2/bQ=,tag:13Fgq4FSOim3V9l72XzjHA==,type:str] pgp: - created_at: "2024-08-05T12:38:54Z" enc: |-