[MATRIX, WEB SERVERS] Improvements, DNS-01

2026-02-09 12:29:19 -08:00 · 2023-04-25 16:33:32 -07:00 · 2023-04-25 16:33:32 -07:00 · e642b3879c
commit e642b3879c
parent a1f1dee6a1
13 changed files with 191 additions and 94 deletions
--- a/nixos/roles/web-server/scalpel.nix
+++ b/nixos/roles/web-server/scalpel.nix
@ -0,0 +1,18 @@
+{
+  lib,
+  config,
+  pkgs,
+  prev,
+  ...
+}: {
+  scalpel.trafos."credentials_file" = {
+    source = "/etc/ssl/credentials_template";
+    matchers."CLOUDFLARE_EMAIL".secret = config.sops.secrets.cloudflare_email.path;
+    matchers."CLOUDFLARE_TOKEN".secret = config.sops.secrets.cloudflare_token.path;
+    owner = "acme";
+    group = "acme";
+    mode = "0440";
+  };
+
+  security.acme.defaults.credentialsFile = config.scalpel.trafos."credentials_file".destination;
+}