feat: add private ca for all internal web services

This commit is contained in:
Ryan Yin
2024-04-03 11:32:29 +08:00
parent 468480b4e7
commit f831061889
12 changed files with 118 additions and 22 deletions


@@ -34,6 +34,7 @@ in {
server.application.enable = mkEnableOption "NixOS Secrets for Application Servers";
server.operation.enable = mkEnableOption "NixOS Secrets for Operation Servers(Backup, Monitoring, etc)";
server.kubernetes.enable = mkEnableOption "NixOS Secrets for Kubernetes";
server.webserver.enable = mkEnableOption "NixOS Secrets for Web Servers(contains tls cert keys)";
impermanence.enable = mkEnableOption "whether use impermanence and ephemeral root file system";
};
@@ -244,5 +245,15 @@ in {
// high_security;
};
})
(mkIf cfg.server.webserver.enable {
age.secrets = {
"certs/ecc-server.key" = {
file = "${mysecrets}/certs/ecc-server.key.age";
mode = "0400";
owner = "caddy"; # used by caddy only
};
};
})
]);
}
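Review bot: The `owner = "caddy";` line in the second hunk ties the key to a user this module does not itself create, so a host that sets `server.webserver.enable` without the caddy service enabled would presumably fail the ownership step or leave the key unreadable; consider `owner = config.services.caddy.user;` (if `config` is in scope in this module, as `cfg` suggests) or an assertion that the caddy user exists. Since the commit title introduces a private CA but this hunk only deploys the leaf key, a comment next to `"certs/ecc-server.key"` stating that intent would help the next maintainer, e.g. `# server leaf key issued by the internal CA; the CA signing key is never deployed to hosts`. The same comment is a good place to record how the `.age` file is regenerated when the leaf key is rotated, so `mode = "0400"` (owner-only) and the `"${mysecrets}/certs/ecc-server.key.age"` path are not the only documentation of the key's lifecycle. The first hunk's description `"NixOS Secrets for Web Servers(contains tls cert keys)"` could say "TLS private key" to match what is actually deployed here.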