feat: vicinae, update servers

2026-02-09 04:19:19 -08:00 · 2025-12-09 05:34:53 -08:00 · 2025-12-09 05:34:53 -08:00 · edd507c0ec
commit edd507c0ec
parent 0e91b2184d
20 changed files with 188 additions and 187 deletions
--- a/nixos/common/ssh.nix
+++ b/nixos/common/ssh.nix
@ -16,7 +16,11 @@ in {
  services.openssh = {
    enable = true;
    settings = {
-      KexAlgorithms = ["curve25519-sha256@libssh.org"];
+      KexAlgorithms = [
+        "mlkem768x25519-sha256"
+        "sntrup761x25519-sha512"
+        "curve25519-sha256@libssh.org"
+      ];
      PasswordAuthentication = false;
      KbdInteractiveAuthentication = false;
      PermitRootLogin = mkDefault "prohibit-password";
--- a/nixos/servers/web/acme.nix
+++ b/nixos/servers/web/acme.nix
@ -1,8 +1,13 @@
-{config, ...}: {
+{
+  config,
+  lib,
+  ...
+}: {
  security.acme = {
    defaults = {
      dnsProvider = "cloudflare";
      credentialsFile = config.sops.secrets.acme_credentials.path;
+      email = lib.mkDefault "acme@inskip.me";
    };
    acceptTerms = true;
  };