diff --git a/hosts/rpi4/services.nix b/hosts/rpi4/services.nix
index 4ccc89d..45e9b72 100644
--- a/hosts/rpi4/services.nix
+++ b/hosts/rpi4/services.nix
@@ -2,14 +2,42 @@
 {
 config = {
- users.groups.secrets = {};
- users.users.acme.extraGroups = [ "secrets" ];
-
 age.secrets.cloudflaredns = {
 file = ../../secrets/cloudflare-dns.age;
 group = "secrets";
 };
+ users.groups.secrets = {};
+ users.users.acme.extraGroups = [ "secrets" ];
+
+ security.acme = {
+ acceptTerms = true;
+ maxConcurrentRenewals = 1;
+
+ defaults.email = "iancoguz@gmail.com";
+
+ certs = {
+ "protogen.io" = {
+ credentialFiles = {
+ "CLOUDFLARE_EMAIL_FILE" = pkgs.writeText "email" "iancoguz@gmail.com";
+ "CLOUDFLARE_API_KEY_FILE" = config.age.secrets.cloudflaredns.path;
+ };
+
+ dnsProvider = "cloudflare";
+ domain = "protogen.io";
+ extraDomainNames = [
+ "*.protogen.io"
+ "nullbite.com"
+ "*.nullbite.com"
+ "nullbite.dev"
+ "*.nullbite.dev"
+ "nbt.sh"
+ "*.nbt.sh"
+ ];
+ };
+ };
+ };
+
 users.users.nginx.extraGroups = [ "acme" ];
 networking.firewall.allowedTCPPorts = [ 80 443 ];
@@ -45,32 +73,6 @@
 };
 };
- security.acme = {
- acceptTerms = true;
- maxConcurrentRenewals = 1;
-
- defaults.email = "iancoguz@gmail.com";
-
- certs = {
- "protogen.io" = {
- credentialFiles = {
- "CLOUDFLARE_EMAIL_FILE" = pkgs.writeText "email" "iancoguz@gmail.com";
- "CLOUDFLARE_API_KEY_FILE" = config.age.secrets.cloudflaredns.path;
- };
-
- dnsProvider = "cloudflare";
- domain = "protogen.io";
- extraDomainNames = [
- "*.protogen.io"
- "nullbite.com"
- "*.nullbite.com"
- "nullbite.dev"
- "*.nullbite.dev"
- "nbt.sh"
- "*.nbt.sh"
- ];
- };
- };
 };
 };
 }
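Review bot: The `credentialFiles` set in the first hunk pairs `CLOUDFLARE_EMAIL_FILE` with `CLOUDFLARE_API_KEY_FILE`, which is Cloudflare's account-wide Global API Key scheme, so anything able to read that secret on the host can act on the whole account rather than only on DNS records for the four zones named in `extraDomainNames`. lego's cloudflare provider also accepts a scoped token, so both entries could be replaced by `"CLOUDFLARE_DNS_API_TOKEN_FILE" = config.age.secrets.cloudflaredns.path;` once `cloudflare-dns.age` is re-encrypted with a token limited to DNS edits on those zones. Separately, `users.users.acme.extraGroups = [ "secrets" ];` may be unnecessary if the ACME module passes `credentialFiles` to the renewal unit as systemd credentials; that is worth confirming, and the membership dropped if so. The enclosing `config` attribute set continues outside the hunk.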