flake-parts: Almost done with yggdrasil

2025-10-28 00:17:33 +01:00 · 2025-10-28 00:17:33 +01:00 · ebc8a545c8
commit ebc8a545c8
parent d579c8ad2c
43 changed files with 2650 additions and 135 deletions
--- a/modules/server/acme.nix
+++ b/modules/server/acme.nix
@ -0,0 +1,60 @@
+{
+  flake.modules.nixos.server =
+    {
+      config,
+      lib,
+      ...
+    }:
+    let
+      sopsFile = ../../secrets/secrets-loptland.yaml;
+      domainname = "christophhollizeck.dev";
+    in
+    {
+      sops = {
+        secrets = {
+          "netcup/customer_number" = {
+            inherit sopsFile;
+          };
+
+          "netcup/api/key" = {
+            inherit sopsFile;
+          };
+
+          "netcup/api/password" = {
+            inherit sopsFile;
+          };
+        };
+
+        templates = {
+          "netcup.env" = {
+            content = ''
+              NETCUP_CUSTOMER_NUMBER=${config.sops.placeholder."netcup/customer_number"}
+              NETCUP_API_KEY=${config.sops.placeholder."netcup/api/key"}
+              NETCUP_API_PASSWORD=${config.sops.placeholder."netcup/api/password"}
+              NETCUP_PROPAGATION_TIMEOUT=1200
+            '';
+          };
+        };
+
+      };
+
+      security.acme = {
+        acceptTerms = true;
+        defaults = {
+          inherit (config.flake.meta.users.cholli) email;
+
+          group = lib.optional config.services.nginx.enable "nginx";
+          reloadServices = lib.optional config.services.nginx.enable "nginx.service";
+
+          dnsProvider = "netcup";
+          environmentFile = config.sops.templates."netcup.env".path;
+        };
+
+        certs."${domainname}" = {
+          dnsResolver = "1.1.1.1:53";
+          extraDomainNames = [ "*.${domainname}" ];
+        };
+      };
+
+    };
+}