Kabbone/nixos-config
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

hosts: dmz: acme: increase propagation timeout, use wildcard

Browse Source
This commit is contained in:
Kabbone 2024-06-02 12:27:03 +02:00
parent 5824207566
commit 54aeb48839
Signed by: Kabbone
SSH Key Fingerprint: SHA256:A5zPB5I6u5V78V51c362BBdCwhDhfDUVbt7NfKdjWBY
3 changed files with 43 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
hosts/dmz/hardware-configuration.nix
View File

@ -83,11 +83,14 @@
"10-lan" = { "10-lan" = {
matchConfig.Name = "enp6s18"; matchConfig.Name = "enp6s18";
ntp = [ "192.168.101.1" ]; ntp = [ "192.168.101.1" ];
domains = [ "home.opel-online.de" ]; #domains = [ "home.opel-online.de" ];
networkConfig = { networkConfig = {
DHCP = "yes"; DHCP = "yes";
IPv6AcceptRA = true; IPv6AcceptRA = true;
}; };
dns = [
"1.1.1.1"
];
}; };
}; };
}; };

25
modules/services/dmz/hydra.nix
View File

@ -5,7 +5,7 @@
hydra = { hydra = {
enable = true; enable = true;
hydraURL = "https://hydra.home.opel-online.de"; hydraURL = "https://hydra.home.opel-online.de";
listenHost = "localhost"; listenHost = "127.0.0.1";
notificationSender = "hydra@localhost"; notificationSender = "hydra@localhost";
useSubstitutes = true; useSubstitutes = true;
minimumDiskFree = 30; minimumDiskFree = 30;
@ -19,13 +19,19 @@
nginx = { nginx = {
enable = true; enable = true;
virtualHosts = { virtualHosts = {
"hydra.home.opel-online.de" = { "home.opel-online.de" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
default = true;
locations."/".return = "503";
};
"hydra.home.opel-online.de" = {
useACMEHost = "home.opel-online.de";
forceSSL = true;
locations."/".proxyPass = "http://localhost:3000"; locations."/".proxyPass = "http://localhost:3000";
}; };
"cache.home.opel-online.de" = { "cache.home.opel-online.de" = {
enableACME = true; useACMEHost = "home.opel-online.de";
forceSSL = true; forceSSL = true;
locations."/".proxyPass = "http://localhost:5001"; locations."/".proxyPass = "http://localhost:5001";
}; };
@ -38,17 +44,18 @@
defaults = { defaults = {
email = "webmaster@kabtop.de"; email = "webmaster@kabtop.de";
#server = "https://acme-staging-v02.api.letsencrypt.org/directory"; #server = "https://acme-staging-v02.api.letsencrypt.org/directory";
dnsResolver = "1.1.1.1:53";
}; };
certs = { certs = {
"hydra.home.opel-online.de" = { "home.opel-online.de" = {
dnsProvider = "netcup"; domain = "*.home.opel-online.de";
environmentFile = config.age.secrets."services/acme/opel-online".path;
webroot = null;
};
"cache.home.opel-online.de" = {
dnsProvider = "netcup"; dnsProvider = "netcup";
environmentFile = config.age.secrets."services/acme/opel-online".path; environmentFile = config.age.secrets."services/acme/opel-online".path;
webroot = null; webroot = null;
#extraDomainNames = [
# "hydra.home.opel-online.de"
# "cache.home.opel-online.de"
#];
}; };
}; };
}; };

44
secrets/services/acme/opel-online.age
View File

@ -1,23 +1,25 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 Xp6AuQ GDUg4ymZcGVdruoQ8cy2SUcjqPUQQA2oHoKr/CZwA14 -> ssh-ed25519 Xp6AuQ 1d8fbSV7Nq4TKI3ZHuHaLJNGbCpizLFjV+jZCLQ7iBM
Vip1RTbOImXRTv7jx4zEJUcS9V03AdrnwLXJEhn34eM I/UaqBunMAxfFw5O1s1ErONzxngUitDPZWzLtX9NpSo
-> ssh-ed25519 NNXygQ tNmkd4SvTC78Bwi+4dA++UEUMbc3Y5oM3VYqznP5D14 -> ssh-ed25519 NNXygQ h9RG7RHwH8uLqcf0bJW3WogmKMD7IE1K90Q6cvfsjTE
0IZQRYyfbEbdoVSR3rtQ72lr3h4wtwL1kSfFL+Ks/f0 C18TXsszMAW5N6iEumnwM1j4SdgCVvO2LGkVufMynNg
-> ssh-rsa VtjGpQ -> ssh-rsa VtjGpQ
AitcLLK7eCthBM35iTTE52r6Q1IBoZbaTfONL0X9z9FkjMYwMRUTgN2u5BjpX+/o LvvWrwRMIZAQrGc6s6kiZktOxB6eWFFy8muSfaADqqjO7fxuxXxPEhFMxJbmn8Kp
+MWbucqF3P4iVifP512FFjQc4TLw++9Or5jrb8xmX2fmkHhqul9+DZPoSvMv+ES8 BxsyLX49x9Vi58gw7fXIth+JbNWYctlmJqdu80GKv2R9Rz8eqDs43UoDb+WK2VV3
GWrBn4yDaJlLz2hZJoRAb4avv9sSsG1zyeKfEe7JnMAp5AYgTfN8I6MBygcvhML9 vdlN21fpBDiptkPOX3wI0d+HB5cZ7Tr+0tXx0vl2k1t6Iu06iguMs4ktaIaneoHI
BL5MDg8m3DP1pXy7BF+oNKKfBuXbWY2z5qvsdg8PQacHpuNY59js3TEYJxoimh5T 8paaUWhw6z4aWZNsPAQfKrqZHsLSovLnQKes0Zc9zYIL1mSVwg321L2pOt0RBtQW
+s6O33Cw+yY2cQstu0XzakT8lMtO9VluolPm/ieuFOYu/BnnxwAfqzklT7ZbAcjd nJ77qqWxOz1sEj7Y+zOyGNqm7qD5a7VLXwfC0aYdmOkimoSJFjsWpepVJWcN9kJD
gmEAVQuIVvIPKR/L9RF1KIurdKaTgBKvdvSciSmw44aOzOYC0fhpeuzCotpsUcTl CPnQrXPCFxiknkUN9tL/7kblcSoIYxx9qSy38t4KHW+4K0AOkldvU6PZH1B0dKdJ
CfA07Hx4J6j/hRwjYejeuVy5U0FAW8+v84/iUoS633jeO1+VEOzsUBA9ZwTt8x5c Umjn2GFEkZNtGBcm/WRn0ev3yyJa1TIRyRS3T/VmCymPBaemrxr8wxHnJYxmaFYx
Um+lfQCJtx5yE1Rche1sWgU7TFmVZMM4tjoK37evljjiWtHT+kUockmB38373SmD EolY3mUTSSUTYcFZRLuK+hjjD/Ls6H5XwtXpbZQqk2uZm7h2eK7saoHFdcx+nK7B
GIkEWhbvzPKmNbRUHlrkTZXSectJqNr7MsWaNlXso1QPrjE1gQgJSeSDFGbGYGOT IEkDrZE9tgNpveLlz8AEtURfzGR1pJGHDAfKK5S5BhN3u3jI427gRUguXAm0yVtO
/FR+zuG3SX9holTXWhRSQYCDX5XtttUu5vWUF8CvjKZ6VMvJqpMd8uNs8hyUGmT/ AK1WGB6z3+u4MbyzNdHvhQs3BjZqBY1TDiY4pFdr2tj37aB37wVnBjsSAJaJpjig
8xjVnFX/CHuKC7zRFmSrx8hnGdsSquZ34AVOPjB2L2o +no4L+xkd2Z8f+BJX626gryP6v27djKuw8CePaQhsiU
-> piv-p256 grR75w Arw2jl+0E+V3LnHBTG2iZ8SbJT8HQVTiWOR39kE6AkD1 -> piv-p256 grR75w A93nyaSpxiRRpgyetogeq0KjMqUBtdwS+E2dJ+qiNd62
5fnmuwRkoMmG5f9CyWYysD8vWXVGrD9PCckTYjFI+3w njWb3eP8hHbe5CPMGGYh8QZZgZO5WeveauZ/2mRVqV8
-> piv-p256 RQguQQ Ay2CALWl7y1zkitf04a62/ZSD1KCcKM1zhPDUKzZmMGn -> piv-p256 RQguQQ AuLFlBwCHPmV+0tkqbptuOZ7aJllEEvw8WstFEc9BCXq
qeNzMgAPBYLRLYQb5AoEllg2psVUqlxUPrUKoULP41E HKcdL3w58mxGaraMuAxAdmaKRZ/mdZ9wLWuHDWZvQ2U
--- eE3KDFWIrqpgAH73oO2xDm5czR3ZhyqEWnOU9nNMt2s --- viFLZLrT8PDCcNXs7MiX7E2TvGB4evP4S3GNSzU0Gq0
/ssæÂÕ;<16>$­B'±Ã:P<03>vHÎît ±Y2YvF¸ì­(óîw<04>†þjÃk€ÕT3ïn<C3AF>|[ 7¡€r½ªñÔ‰<C394>¡æ÷êy <™¶´^Í5aC©{ýš_2€½Ù¦ß€eñ#+Ë“ßHÍ, c»¥òÊê—êóqm昅…ç¡tŠoxÔÌÎô#åoÒ+<2B>H?0ƱžÏ¶:ëu籤zäÍÄÁçêÑÑ^¥—ü#ßNK@§`¡ó²BïXf$ßF,²R6Õ™Rí!ÝzõÅrƒ0GʃaæüwV©ÍŒœâRÜÜO,ªØˆÿ’àªtKcTÕ÷G@/ûC+àøø[½Q”nÅØ«ˆ(Ä8 p}BO¦õžÄ&K3E±¶?dTõY€[¹XpÐw†Óõ3¤¼r{«áS¨×ÿ]$¹ñ‚Í^ úfÇâ+¶ »­ÝOú7—''ôWßÕº5qü¦|þˆ_õ¨Biÿ¥Xb,iÿ|„šá‹•`è-?ëØòíº°NØǀ߽v
q—z]sàwžü¼·È7|ºÂ6<C382>É"vƧCS&S¬ðH¬Œç”á¦ßÁÉàDRßg,é.5&ú<>¨vf‰”OøZ‡5ȽbvF<76>´‡§äMÓΙ,¾.ÔÄxèw9s+xÚ
Íä(öPBô3´£R0è²û ¯¨è²  ÐÄ|TÁüF…ß¿Jf‰Ü-F‡<46>_\?