From 2ae70acf563463878155c02d02afd00bd5a5a495 Mon Sep 17 00:00:00 2001
From: Brendan Golden
Date: Sun, 6 Aug 2023 20:09:15 +0100
Subject: [PATCH] acme: each server is now responsible for the certs tehy request
Closes #4
---
 applications/acme.nix | 2 --
 applications/email.nix | 4 ++++
 applications/games/minecraft.nix | 9 +++++++++
 applications/gitlab.nix | 5 +++++
 applications/ldap.nix | 4 ++++
 applications/ldap/ldap_backend.nix | 4 ++++
 applications/skynet.ie.nix | 5 +++++
 applications/ulfm.nix | 4 ++++
 8 files changed, 35 insertions(+), 2 deletions(-)
diff --git a/applications/acme.nix b/applications/acme.nix
index a89e209..edcf37e 100644
--- a/applications/acme.nix
+++ b/applications/acme.nix
@@ -7,8 +7,6 @@
 imports = [];
 options.services.skynet_acme = {
- enable = mkEnableOption "Skynet Lets Encrypt certs";
-
 domains = lib.mkOption {
 default = [ ];
 type = lib.types.listOf lib.types.str;
diff --git a/applications/email.nix b/applications/email.nix
index b69cb58..3f87dce 100644
--- a/applications/email.nix
+++ b/applications/email.nix
@@ -97,6 +97,10 @@
 age.secrets.ldap_pw.file = ../secrets/ldap/pw.age;
+ skynet_acme.domains = [
+ "mail.${cfg.domain.domain}"
+ ];
+
 # set up dns record for it
 skynet_dns.records = [
 # basic one
diff --git a/applications/games/minecraft.nix b/applications/games/minecraft.nix
index c8cdf8b..7e1d2c3 100644
--- a/applications/games/minecraft.nix
+++ b/applications/games/minecraft.nix
@@ -53,6 +53,15 @@
 "ip daddr ${cfg.host.ip} tcp dport 25565 counter packets 0 bytes 0 accept"
 ];
+ skynet_acme.domains = [
+ "${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}"
+ "config.${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}"
+ "compsoc_classic.${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}"
+ "compsoc.${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}"
+ "gsoc.${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}"
+ "gsoc_abridged.${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}"
+ ];
+
 skynet_dns.records = [
 # the minecraft (web) config server
 {record="config.${cfg.domain.sub}"; r_type="CNAME"; value=cfg.host.name;}
diff --git a/applications/gitlab.nix b/applications/gitlab.nix
index 32ca33f..add72dd 100644
--- a/applications/gitlab.nix
+++ b/applications/gitlab.nix
@@ -93,6 +93,11 @@
 group = cfg.user;
 };
+ skynet_acme.domains = [
+ "${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}"
+ "*.pages.${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}"
+ ];
+
 # using https://nixos.org/manual/nixos/stable/index.html#module-services-gitlab as a guide
 skynet_dns.records = [
 {record=cfg.domain.sub; r_type="CNAME"; value=cfg.host.name;}
diff --git a/applications/ldap.nix b/applications/ldap.nix
index ff1ccc0..98554d8 100644
--- a/applications/ldap.nix
+++ b/applications/ldap.nix
@@ -77,6 +77,10 @@ Gonna use a priper nixos module for this
 group = "openldap";
 };
+ skynet_acme.domains = [
+ "${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}"
+ ];
+
 skynet_dns.records = [
 {record=cfg.domain.sub; r_type="CNAME"; value=cfg.host.name;}
 ];
diff --git a/applications/ldap/ldap_backend.nix b/applications/ldap/ldap_backend.nix
index e68eb3d..b8192fb 100644
--- a/applications/ldap/ldap_backend.nix
+++ b/applications/ldap/ldap_backend.nix
@@ -49,6 +49,10 @@
 age.secrets.ldap_self_service.file = ../../secrets/ldap/self_service.age;
+ skynet_acme.domains = [
+ "${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}"
+ ];
+
 skynet_dns.records = [
 {record=cfg.domain.sub; r_type="CNAME"; value=cfg.host.name;}
 ];
diff --git a/applications/skynet.ie.nix b/applications/skynet.ie.nix
index 5c5ccb4..d36e434 100644
--- a/applications/skynet.ie.nix
+++ b/applications/skynet.ie.nix
@@ -21,6 +21,11 @@
 };
 config = {
+ skynet_acme.domains = [
+ # the root one is already covered by teh certificate
+ "2016.skynet.ie"
+ ];
+
 skynet_dns.records = [
 # means root domain, so skynet.ie
 {record="@"; r_type="A"; value=cfg.host.ip;}
diff --git a/applications/ulfm.nix b/applications/ulfm.nix
index 7c101b8..f970e0d 100644
--- a/applications/ulfm.nix
+++ b/applications/ulfm.nix
@@ -50,6 +50,10 @@
 8000
 ];
+ skynet_acme.domains = [
+ "${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}"
+ ];
+
 skynet_dns.records = [
 {record=cfg.domain.sub; r_type="CNAME"; value=cfg.host.name;}
 ];
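Review bot: With `enable` removed from `options.services.skynet_acme`, the module's `config` section (outside this hunk) has no gate left, so it now applies on every host that imports acme.nix, including ones whose merged `domains` is still the default `[ ]`; any remaining reference to `cfg.enable` there would also fail to evaluate. Guard the certificate request on the list instead, e.g. `config = lib.mkIf (cfg.domains != [ ]) { ... };`. Because several modules now contribute to the same list, also deduplicate it before building the request, `lib.unique cfg.domains`, so a name declared twice on one host (the ldap.nix and ldap/ldap_backend.nix hunks use the same `${cfg.domain.sub}...` pattern) is not ordered twice. Whether an empty or duplicated list actually breaks anything depends on how the config section consumes it, which is not visible here.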
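Review bot: Two of the added names, `compsoc_classic.…` and `gsoc_abridged.…`, contain an underscore, which is not a valid hostname label character (RFC 1123), and as far as I know Let's Encrypt's issuance policy rejects such identifiers; if the acme module puts the whole list into one order, that failure takes the four valid names down with it. Use hyphens instead, `"compsoc-classic.${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}"` and `"gsoc-abridged.${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}"`, and rename the matching `skynet_dns.records` entries to match. Only the `config.` CNAME is visible in this hunk's trailing context; each of the other five names needs a DNS record as well before a challenge for it can pass, which I cannot confirm from here.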
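Review bot: `*.pages.${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}` is a wildcard name, and ACME issues wildcards only through the DNS-01 challenge; the challenge type lives in the skynet_acme module, which is not in this diff, so if it uses HTTP-01 this order fails and, if both names share one certificate, the bare gitlab name fails with it. Record the dependency next to the entry, `# wildcard: requires the DNS-01 challenge in the acme module`. The key for a wildcard covers every pages site, so when the acme module hands it out it should go to the TLS-terminating service's group only; the `group = cfg.user;` in the context above is for a different secret, but the certificate needs the same explicit ownership decision.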
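Review bot: The certificate requested here has to end up readable by slapd — the context line `group = "openldap";` shows this module already grants a secret to that group, but nothing in the hunk does the same for the ACME key, and that side lives in the skynet_acme module outside this diff. Check that the acme module sets the certificate's group to `openldap` (and reloads the ldap service after renewal) for this name; otherwise slapd either cannot read the key or keeps serving the expired certificate after the first renewal. The same applies to the ldap/ldap_backend.nix hunk, which requests the same `${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}` pattern for a service of its own. If the two modules ever run on one host with the same `cfg.domain`, the merged list contains that name twice.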
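Review bot: The comment `# the root one is already covered by teh certificate` does not say which certificate or host covers `skynet.ie`; since each server now requests its own certs, the host serving `skynet.ie` only has that certificate if the module requesting it runs on the same host. Replace it with a comment that names the source, `# skynet.ie itself is requested by <module> on this host -- TODO confirm` (with the real module name), and fix "teh". Also, acme.nix declares the option as `options.services.skynet_acme`, while this hunk sets `skynet_acme.domains` directly under `config = {`; that only evaluates if the surrounding file places these definitions under `services` somewhere not shown (the neighbouring `skynet_dns.records` suggests it does), so it is worth a quick eval check.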
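Review bot: The literal `"${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}"` added here is the fifth copy of the same expression in this patch (also in the gitlab, ldap, ldap_backend and minecraft hunks), and the minecraft hunk repeats it six more times with prefixes. A single helper, e.g. `fqdn = d: "${d.sub}.${d.base}.${d.tld}";` in a `let` at the top of each file or shared from the acme module, would keep one definition of how a domain is assembled and turn the prefixed names into `"config.${fqdn cfg.domain}"`. Purely a style point; the values produced are unchanged.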