Diffstat (limited to 'nixos/cobalt/services')
-rw-r--r--nixos/cobalt/services/acme.nix13
1 files changed, 7 insertions, 6 deletions
diff --git a/nixos/cobalt/services/acme.nix b/nixos/cobalt/services/acme.nix
index d28bfc7..58a5c77 100644
--- a/nixos/cobalt/services/acme.nix
+++ b/nixos/cobalt/services/acme.nix
@@ -1,7 +1,13 @@
+{ config, ... }:
+
let
poorObfuscation = y: x: "${x}@${y}";
in
{
+ sops.secrets.hetzner-dns-key = {
+ owner = "acme";
+ };
+
security.acme = {
acceptTerms = true;
defaults.email = poorObfuscation "sefidel.com" "postmaster";
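Review bot: The new `sops.secrets.hetzner-dns-key` entry does not record what the decrypted file has to contain, and that format is easy to get wrong when the secret is re-created or rotated. As far as I know, the NixOS ACME module hands `credentialsFile` to systemd as an environment file, so the secret must hold a `HETZNER_API_KEY=<value>` line rather than the bare token; please confirm this against the nixpkgs revision in use. I would add a comment above `owner = "acme";` such as `# env-file format (HETZNER_API_KEY=...), consumed by security.acme credentialsFile`. No `sopsFile` or `mode` is set here, so the entry presumably relies on a `sops.defaultSopsFile` defined elsewhere and on the sops-nix default permissions. The `security.acme` block continues outside this hunk.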
@@ -14,7 +20,7 @@ in
];
dnsProvider = "hetzner";
dnsPropagationCheck = true;
- credentialsFile = "/persist/secrets/hetzner.key";
+ credentialsFile = config.sops.secrets.hetzner-dns-key.path;
};
};
};
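Review bot: Switching `credentialsFile` to the sops path stops referencing `/persist/secrets/hetzner.key`, but nothing visible in this change removes that file from hosts that were deployed before it. Because it lives under `/persist`, a plaintext copy of the DNS API key likely survives reboots there until someone deletes it. I would document the cleanup beside this line, for example `# replaces /persist/secrets/hetzner.key; delete the old file on existing hosts and rotate the key`. Rotating the key also covers any copies taken while the plaintext file existed. The enclosing attribute set starts outside this hunk.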
@@ -22,9 +28,4 @@ in
environment.persistence."/persist".directories = [
"/var/lib/acme"
];
-
- deployment.keys."hetzner.key" = {
- keyCommand = [ "pass" "show" "server/hetzner-dns" ];
- destDir = "/persist/secrets";
- };
}