Kabbone/nixos-config
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

hosts: dmz: acme: increase propagation timeout, use wildcard

Browse Source
This commit is contained in:
Kabbone
2024-06-02 12:27:03 +02:00
parent 5824207566
commit 54aeb48839
3 changed files with 43 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
hosts/dmz/hardware-configuration.nix
View File

@@ -83,11 +83,14 @@
"10-lan" = { "10-lan" = {
matchConfig.Name = "enp6s18"; matchConfig.Name = "enp6s18";
ntp = [ "192.168.101.1" ]; ntp = [ "192.168.101.1" ];
domains = [ "home.opel-online.de" ]; #domains = [ "home.opel-online.de" ];
networkConfig = { networkConfig = {
DHCP = "yes"; DHCP = "yes";
IPv6AcceptRA = true; IPv6AcceptRA = true;
}; };
dns = [
"1.1.1.1"
];
}; };
}; };
}; };

25
modules/services/dmz/hydra.nix
View File

@@ -5,7 +5,7 @@
hydra = { hydra = {
enable = true; enable = true;
hydraURL = "https://hydra.home.opel-online.de"; hydraURL = "https://hydra.home.opel-online.de";
listenHost = "localhost"; listenHost = "127.0.0.1";
notificationSender = "hydra@localhost"; notificationSender = "hydra@localhost";
useSubstitutes = true; useSubstitutes = true;
minimumDiskFree = 30; minimumDiskFree = 30;
@@ -19,13 +19,19 @@
nginx = { nginx = {
enable = true; enable = true;
virtualHosts = { virtualHosts = {
"hydra.home.opel-online.de" = { "home.opel-online.de" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
default = true;
locations."/".return = "503";
};
"hydra.home.opel-online.de" = {
useACMEHost = "home.opel-online.de";
forceSSL = true;
locations."/".proxyPass = "http://localhost:3000"; locations."/".proxyPass = "http://localhost:3000";
}; };
"cache.home.opel-online.de" = { "cache.home.opel-online.de" = {
enableACME = true; useACMEHost = "home.opel-online.de";
forceSSL = true; forceSSL = true;
locations."/".proxyPass = "http://localhost:5001"; locations."/".proxyPass = "http://localhost:5001";
}; };
@@ -38,17 +44,18 @@
defaults = { defaults = {
email = "webmaster@kabtop.de"; email = "webmaster@kabtop.de";
#server = "https://acme-staging-v02.api.letsencrypt.org/directory"; #server = "https://acme-staging-v02.api.letsencrypt.org/directory";
dnsResolver = "1.1.1.1:53";
}; };
certs = { certs = {
"hydra.home.opel-online.de" = { "home.opel-online.de" = {
dnsProvider = "netcup"; domain = "*.home.opel-online.de";
environmentFile = config.age.secrets."services/acme/opel-online".path;
webroot = null;
};
"cache.home.opel-online.de" = {
dnsProvider = "netcup"; dnsProvider = "netcup";
environmentFile = config.age.secrets."services/acme/opel-online".path; environmentFile = config.age.secrets."services/acme/opel-online".path;
webroot = null; webroot = null;
#extraDomainNames = [
# "hydra.home.opel-online.de"
# "cache.home.opel-online.de"
#];
}; };
}; };
}; };

44
secrets/services/acme/opel-online.age
View File

@@ -1,23 +1,25 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 Xp6AuQ GDUg4ymZcGVdruoQ8cy2SUcjqPUQQA2oHoKr/CZwA14 -> ssh-ed25519 Xp6AuQ 1d8fbSV7Nq4TKI3ZHuHaLJNGbCpizLFjV+jZCLQ7iBM
Vip1RTbOImXRTv7jx4zEJUcS9V03AdrnwLXJEhn34eM I/UaqBunMAxfFw5O1s1ErONzxngUitDPZWzLtX9NpSo
-> ssh-ed25519 NNXygQ tNmkd4SvTC78Bwi+4dA++UEUMbc3Y5oM3VYqznP5D14 -> ssh-ed25519 NNXygQ h9RG7RHwH8uLqcf0bJW3WogmKMD7IE1K90Q6cvfsjTE
0IZQRYyfbEbdoVSR3rtQ72lr3h4wtwL1kSfFL+Ks/f0 C18TXsszMAW5N6iEumnwM1j4SdgCVvO2LGkVufMynNg
-> ssh-rsa VtjGpQ -> ssh-rsa VtjGpQ
AitcLLK7eCthBM35iTTE52r6Q1IBoZbaTfONL0X9z9FkjMYwMRUTgN2u5BjpX+/o LvvWrwRMIZAQrGc6s6kiZktOxB6eWFFy8muSfaADqqjO7fxuxXxPEhFMxJbmn8Kp
+MWbucqF3P4iVifP512FFjQc4TLw++9Or5jrb8xmX2fmkHhqul9+DZPoSvMv+ES8 BxsyLX49x9Vi58gw7fXIth+JbNWYctlmJqdu80GKv2R9Rz8eqDs43UoDb+WK2VV3
GWrBn4yDaJlLz2hZJoRAb4avv9sSsG1zyeKfEe7JnMAp5AYgTfN8I6MBygcvhML9 vdlN21fpBDiptkPOX3wI0d+HB5cZ7Tr+0tXx0vl2k1t6Iu06iguMs4ktaIaneoHI
BL5MDg8m3DP1pXy7BF+oNKKfBuXbWY2z5qvsdg8PQacHpuNY59js3TEYJxoimh5T 8paaUWhw6z4aWZNsPAQfKrqZHsLSovLnQKes0Zc9zYIL1mSVwg321L2pOt0RBtQW
+s6O33Cw+yY2cQstu0XzakT8lMtO9VluolPm/ieuFOYu/BnnxwAfqzklT7ZbAcjd nJ77qqWxOz1sEj7Y+zOyGNqm7qD5a7VLXwfC0aYdmOkimoSJFjsWpepVJWcN9kJD
gmEAVQuIVvIPKR/L9RF1KIurdKaTgBKvdvSciSmw44aOzOYC0fhpeuzCotpsUcTl CPnQrXPCFxiknkUN9tL/7kblcSoIYxx9qSy38t4KHW+4K0AOkldvU6PZH1B0dKdJ
CfA07Hx4J6j/hRwjYejeuVy5U0FAW8+v84/iUoS633jeO1+VEOzsUBA9ZwTt8x5c Umjn2GFEkZNtGBcm/WRn0ev3yyJa1TIRyRS3T/VmCymPBaemrxr8wxHnJYxmaFYx
Um+lfQCJtx5yE1Rche1sWgU7TFmVZMM4tjoK37evljjiWtHT+kUockmB38373SmD EolY3mUTSSUTYcFZRLuK+hjjD/Ls6H5XwtXpbZQqk2uZm7h2eK7saoHFdcx+nK7B
GIkEWhbvzPKmNbRUHlrkTZXSectJqNr7MsWaNlXso1QPrjE1gQgJSeSDFGbGYGOT IEkDrZE9tgNpveLlz8AEtURfzGR1pJGHDAfKK5S5BhN3u3jI427gRUguXAm0yVtO
/FR+zuG3SX9holTXWhRSQYCDX5XtttUu5vWUF8CvjKZ6VMvJqpMd8uNs8hyUGmT/ AK1WGB6z3+u4MbyzNdHvhQs3BjZqBY1TDiY4pFdr2tj37aB37wVnBjsSAJaJpjig
8xjVnFX/CHuKC7zRFmSrx8hnGdsSquZ34AVOPjB2L2o +no4L+xkd2Z8f+BJX626gryP6v27djKuw8CePaQhsiU
-> piv-p256 grR75w Arw2jl+0E+V3LnHBTG2iZ8SbJT8HQVTiWOR39kE6AkD1 -> piv-p256 grR75w A93nyaSpxiRRpgyetogeq0KjMqUBtdwS+E2dJ+qiNd62
5fnmuwRkoMmG5f9CyWYysD8vWXVGrD9PCckTYjFI+3w njWb3eP8hHbe5CPMGGYh8QZZgZO5WeveauZ/2mRVqV8
-> piv-p256 RQguQQ Ay2CALWl7y1zkitf04a62/ZSD1KCcKM1zhPDUKzZmMGn -> piv-p256 RQguQQ AuLFlBwCHPmV+0tkqbptuOZ7aJllEEvw8WstFEc9BCXq
qeNzMgAPBYLRLYQb5AoEllg2psVUqlxUPrUKoULP41E HKcdL3w58mxGaraMuAxAdmaKRZ/mdZ9wLWuHDWZvQ2U
--- eE3KDFWIrqpgAH73oO2xDm5czR3ZhyqEWnOU9nNMt2s --- viFLZLrT8PDCcNXs7MiX7E2TvGB4evP4S3GNSzU0Gq0
/ss<73><73><EFBFBD>;<16>$<24>B'<27><>:P<03>vH<76><1C>t<EFBFBD><EFBFBD>Y2YvF<76><46><EFBFBD>(<28><><EFBFBD>w<04><><EFBFBD>j<EFBFBD>k<EFBFBD><6B>T3<54><07>n<EFBFBD>|[<5B> 7<><37>r<EFBFBD><72><EFBFBD>ԉ<EFBFBD><D489><EFBFBD><EFBFBD><EFBFBD>y <<3C><><EFBFBD>^<5E>5aC<61>{<7B><>_2<5F><32>٦߀e<DF80>#+˓<>H<EFBFBD>, c<><63><EFBFBD><EFBFBD><EFBFBD><7F><EFBFBD><EFBFBD>qm昅<6D><E69885><EFBFBD>t<EFBFBD>oxԒ<78><D492><EFBFBD>#<23>o<EFBFBD>+<2B>H?0Ʊ<30><C6B1><14><08>:<3A><>u籤z<E7B1A4><7A><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>^<5E><><EFBFBD>#<23>NK@<40>`<60><><EFBFBD>B<EFBFBD>Xf$<24>F,<2C>R6ՙR<D599>!<1A>z<EFBFBD><7A><EFBFBD>r<EFBFBD>0Gʃa<CA83><61>wV<77>͌<1D><EFBFBD><EFBFBD>R<EFBFBD><EFBFBD>O,<2C>؈<02><><EFBFBD><EFBFBD>tKcT<63><54>G@/<2F>C+<2B><><EFBFBD>[<5B>Q<EFBFBD>n<EFBFBD><1D><10><>(<28>8 p}BO<42><1D><05><><07>&K3E<33><45>?dT<64>Y<EFBFBD>[<5B>Xp<58>w<EFBFBD><77><EFBFBD>3<><33>r{<EFBFBD><EFBFBD>S<EFBFBD><EFBFBD><EFBFBD>]$<04><><EFBFBD><EFBFBD>^
<EFBFBD>f<EFBFBD><EFBFBD>+<2B> <0B><><EFBFBD>O<EFBFBD>7<EFBFBD>''<27>W<15>պ5q<><71>|<7C><07>_<EFBFBD><5F>Bi<42><69>X<EFBFBD>b,i<>|<13><>ዕ`<60>-?<17><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>N<EFBFBD>ǀ߽v
q<EFBFBD>z]s<>w<EFBFBD><77><EFBFBD><EFBFBD><EFBFBD><EFBFBD>7|<7C><>6<EFBFBD><36>"vÆ<76>CS&S<><53>H<><48><EFBFBD><EFBFBD><1F><><EFBFBD><02><><EFBFBD>DR<44>g,<2C>.5&<26><><EFBFBD>vf<76><66>O<EFBFBD>Z<EFBFBD>5ȽbvF<76><46><EFBFBD><EFBFBD><EFBFBD>M<EFBFBD>Ι,<11>.<2E><11>x<><78>w9s+x<>