summary refs log tree commit diff stats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--secrets/acme.agebin0 -> 708 bytes
-rw-r--r--secrets/secrets.nix2
-rw-r--r--system/linde.nix3
-rwxr-xr-xsystem/nanopi.nix1
4 files changed, 5 insertions, 1 deletions
diff --git a/secrets/acme.age b/secrets/acme.age
new file mode 100644
index 00000000..efd8bf3a
--- /dev/null
+++ b/secrets/acme.age
Binary files differdiff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 1d2ea414..75c174d1 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -11,6 +11,8 @@ let
   };
 
   secrets = with machines; {
+    acme = [ linde nanopi ];
+
     binarycache = [ linde ];
     paperless = [ linde ];
     powerdns = [ linde ];
diff --git a/system/linde.nix b/system/linde.nix
index 8e6635b6..6e5e54ed 100644
--- a/system/linde.nix
+++ b/system/linde.nix
@@ -39,6 +39,7 @@ in
         mode = "400";
         symlink = false;
       };
+    acme.file = ../secrets/acme.age;
     binarycache.file = ../secrets/binarycache.age;
     dex.file = ../secrets/dex.age;
     powerdns.file = ../secrets/powerdns.age;
@@ -614,7 +615,7 @@ in
       email = "alan@alanpearce.eu";
       dnsProvider = "pdns";
       dnsResolver = "1.1.1.1:53";
-      credentialsFile = config.age.secrets.powerdns.path;
+      credentialsFile = config.age.secrets.acme.path;
       reloadServices = [ "caddy" ];
       validMinDays = 32;
     };
diff --git a/system/nanopi.nix b/system/nanopi.nix
index c3f36134..3a95ebfc 100755
--- a/system/nanopi.nix
+++ b/system/nanopi.nix
@@ -18,6 +18,7 @@ in
 
   age.secrets = {
     dyndns.file = ../secrets/dyndns.age;
+    acme.file = ../secrets/acme.age;
     syncthing.file = ../secrets/syncthing.age;
   };
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-11-28 01:28:01 +0000