mirror of
https://github.com/ryan4yin/nix-config.git
synced 2026-04-25 09:28:27 +02:00
feat: add private ca for all internal web services
This commit is contained in:
@@ -34,6 +34,7 @@ in {
|
||||
server.application.enable = mkEnableOption "NixOS Secrets for Application Servers";
|
||||
server.operation.enable = mkEnableOption "NixOS Secrets for Operation Servers(Backup, Monitoring, etc)";
|
||||
server.kubernetes.enable = mkEnableOption "NixOS Secrets for Kubernetes";
|
||||
server.webserver.enable = mkEnableOption "NixOS Secrets for Web Servers(contains tls cert keys)";
|
||||
|
||||
impermanence.enable = mkEnableOption "whether use impermanence and ephemeral root file system";
|
||||
};
|
||||
@@ -244,5 +245,15 @@ in {
|
||||
// high_security;
|
||||
};
|
||||
})
|
||||
|
||||
(mkIf cfg.server.webserver.enable {
|
||||
age.secrets = {
|
||||
"certs/ecc-server.key" = {
|
||||
file = "${mysecrets}/certs/ecc-server.key.age";
|
||||
mode = "0400";
|
||||
owner = "caddy"; # used by caddy only
|
||||
};
|
||||
};
|
||||
})
|
||||
]);
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user