acme: each server is now responsible for the certs tehy request

Closes #4
2023-08-06 20:09:15 +01:00 · 2023-08-06 20:09:15 +01:00 · 2ae70acf56
commit 2ae70acf56
parent abc355d1b6
8 changed files with 35 additions and 2 deletions
--- a/applications/acme.nix
+++ b/applications/acme.nix
@ -7,8 +7,6 @@
  imports = [];
  options.services.skynet_acme = {
    enable = mkEnableOption "Skynet Lets Encrypt certs";
    domains = lib.mkOption {
      default = [ ];
      type = lib.types.listOf lib.types.str;
--- a/applications/email.nix
+++ b/applications/email.nix
@ -97,6 +97,10 @@
    age.secrets.ldap_pw.file = ../secrets/ldap/pw.age;
    skynet_acme.domains = [
      "mail.${cfg.domain.domain}"
    ];
    # set up dns record for it
    skynet_dns.records = [
      # basic one
--- a/applications/games/minecraft.nix
+++ b/applications/games/minecraft.nix
@ -53,6 +53,15 @@
      "ip daddr ${cfg.host.ip} tcp dport 25565 counter packets 0 bytes 0 accept"
    ];
    skynet_acme.domains = [
                      "${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}"
               "config.${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}"
      "compsoc_classic.${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}"
              "compsoc.${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}"
                 "gsoc.${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}"
        "gsoc_abridged.${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}"
    ];
    skynet_dns.records = [
      # the minecraft (web) config server
      {record="config.${cfg.domain.sub}";  r_type="CNAME";  value=cfg.host.name;}
--- a/applications/gitlab.nix
+++ b/applications/gitlab.nix
@ -93,6 +93,11 @@
      group = cfg.user;
    };
    skynet_acme.domains = [
              "${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}"
      "*.pages.${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}"
    ];
    # using https://nixos.org/manual/nixos/stable/index.html#module-services-gitlab as a guide
    skynet_dns.records = [
      {record=cfg.domain.sub; r_type="CNAME"; value=cfg.host.name;}
--- a/applications/ldap.nix
+++ b/applications/ldap.nix
@ -77,6 +77,10 @@ Gonna use a priper nixos module for this
      group = "openldap";
    };
    skynet_acme.domains = [
      "${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}"
    ];
    skynet_dns.records = [
      {record=cfg.domain.sub; r_type="CNAME"; value=cfg.host.name;}
    ];
--- a/applications/ldap/ldap_backend.nix
+++ b/applications/ldap/ldap_backend.nix
@ -49,6 +49,10 @@
    age.secrets.ldap_self_service.file = ../../secrets/ldap/self_service.age;
    skynet_acme.domains = [
      "${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}"
    ];
    skynet_dns.records = [
      {record=cfg.domain.sub; r_type="CNAME"; value=cfg.host.name;}
    ];
--- a/applications/skynet.ie.nix
+++ b/applications/skynet.ie.nix
@ -21,6 +21,11 @@
  };
  config = {
    skynet_acme.domains = [
      # the root one is already covered by teh certificate
      "2016.skynet.ie"
    ];
    skynet_dns.records = [
      # means root domain, so skynet.ie
      {record="@"; r_type="A"; value=cfg.host.ip;}
--- a/applications/ulfm.nix
+++ b/applications/ulfm.nix
@ -50,6 +50,10 @@
      8000
    ];
    skynet_acme.domains = [
      "${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}"
    ];
    skynet_dns.records = [
      {record=cfg.domain.sub; r_type="CNAME"; value=cfg.host.name;}
    ];