From 24f792cfd505101f86ca4b0e169c8e9dc6a85ed5 Mon Sep 17 00:00:00 2001
From: ahuston-0 <aliceghuston@gmail.com>
Date: Sun, 1 Dec 2024 00:56:29 -0500
Subject: [PATCH] haproxy compat for acme, add go major mode to doom

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>
---
 modules/docker.nix                      |  9 +++++--
 systems/palatine-hill/acme.nix          | 34 +++++++++++++++++++++++++
 systems/palatine-hill/configuration.nix |  1 +
 systems/palatine-hill/secrets.yaml      |  6 +++--
 users/alice/home/doom/init.el           |  2 +-
 5 files changed, 47 insertions(+), 5 deletions(-)
 create mode 100644 systems/palatine-hill/acme.nix

diff --git a/modules/docker.nix b/modules/docker.nix
index 86a33d2..655f328 100644
--- a/modules/docker.nix
+++ b/modules/docker.nix
@@ -7,8 +7,13 @@
       extraGroups = [ "docker" ];
       uid = 600;
     };
-    groups.docker-service = {
-      gid = 600;
+    groups = {
+      docker-service = {
+        gid = 600;
+      };
+      haproxy = {
+        gid = 99;
+      };
     };
   };
 
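Review bot: The new `haproxy` group is pinned to `gid = 99` with nothing recording where that number comes from. If it is meant to match the gid the haproxy container runs as, so that the certificate files given `group = "haproxy"` in acme.nix stay readable through a bind mount, say so next to the value, e.g. `gid = 99; # must match the haproxy gid inside the container image (confirm)`. Membership of this group most likely grants read access to the TLS private key for nayeonie.com, so the comment should also say that no other account belongs in it. The enclosing `users` attribute set starts and ends outside this hunk.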
diff --git a/systems/palatine-hill/acme.nix b/systems/palatine-hill/acme.nix
new file mode 100644
index 0000000..ed08c5e
--- /dev/null
+++ b/systems/palatine-hill/acme.nix
@@ -0,0 +1,34 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+
+{
+  security.acme = {
+    acceptTerms = true;
+    defaults.email = "aliceghuston@gmail.com";
+    certs."nayeonie.com" = {
+      dnsProvider = "bunny";
+      environmentFile = config.sops.secrets."acme/bunny".path;
+      dnsPropagationCheck = false;
+      group = "haproxy";
+      extraDomainNames = [
+        # "*.nayeonie.com"
+        # "alicehuston.xyz"
+        # "*.alicehuston.xyz"
+      ];
+    };
+  };
+  security.acme.defaults.server = "https://acme-staging-v02.api.letsencrypt.org/directory";
+  systemd.services."acme-nayeonie.com".serviceConfig = {
+    Environment = [ ''"PATH=/ZFS/ZFS-primary/backups/lego/dist:$PATH"'' ];
+  };
+
+  sops.secrets = {
+    "acme/bunny" = {
+      owner = "root";
+    };
+  };
+}
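Review bot: The `Environment` override on `acme-nayeonie.com` puts `/ZFS/ZFS-primary/backups/lego/dist` first in the PATH of the unit that appears to receive the bunny API token via `environmentFile` and to write the certificate key, so whoever can write to that dataset decides which `lego` binary runs with those secrets. systemd does not expand variables inside `Environment=`, so `$PATH` is most likely passed through literally rather than extended, and the override may not behave as intended. If the aim is a lego build with bunny support, packaging it and supplying it through a nixpkgs overlay keeps the binary in the store and pinned with the rest of the configuration; until then add a comment such as `# temporary: out-of-store lego build; directory must be root-owned and not group/world-writable`. Separately, `defaults.server` points at the Let's Encrypt staging directory and `dnsPropagationCheck = false` is set without explanation; a comment like `# staging only: certificates are not publicly trusted, remove before serving traffic` on the server line would keep this from shipping by accident.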
diff --git a/systems/palatine-hill/configuration.nix b/systems/palatine-hill/configuration.nix
index 4c4254a..d3f0d2f 100644
--- a/systems/palatine-hill/configuration.nix
+++ b/systems/palatine-hill/configuration.nix
@@ -6,6 +6,7 @@
 }:
 {
   imports = [
+    ./acme.nix
     ./attic
     ./docker
     ./gitea.nix
diff --git a/systems/palatine-hill/secrets.yaml b/systems/palatine-hill/secrets.yaml
index d91330c..bdfae2d 100644
--- a/systems/palatine-hill/secrets.yaml
+++ b/systems/palatine-hill/secrets.yaml
@@ -20,6 +20,8 @@ docker:
     nextcloud: ENC[AES256_GCM,data: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,iv:oOWcFdQJb/+KZKJmQChhJ5jOCcM3o+ojZSMyiRnO9n8=,tag:PWGQkwPe0juLgAdlKiWKpg==,type:str]
     redis: ENC[AES256_GCM,data:c+55cN6IpUNeKd+wC2zv3eunYjBsmZtXTczokqaxB2Q=,iv:M3pwNUlT9kUMv4JDE6bp/gub9CdBGxdApIvpOt3JpgE=,tag:3rPlV3U0AP9zAeF7xDouKw==,type:str]
     act-runner: ENC[AES256_GCM,data:gdrqXBBzdMW26MgNfP6P1c/m7pLANCXjcZLvVsxlWcgpAZd8IaO2FUqomL3xFI3UDPveQh0UvC3044ueoWhYJOq7ZmKJGvdf0ZrpP1MkXZKvjFjbTsuf/6/SYKhPqnP28HqznUWIVJYcRmP+A2oVeJY=,iv:/yOqJYDpxbqCm1whqcypp7Ba1Xlaebrv+h6lHr57Qa8=,tag:PzVqxP+QwQq69jqhmagj3w==,type:str]
+acme:
+    bunny: ENC[AES256_GCM,data:P2yROVUga9mORcq8VR/l0i4/2Vod1zvlYq+ZJLLNKow0SpblkwQX/i1ucQYAOkTTRddN+3C+t0zj1rMWkdLoaLjEUJJi3VsSxi+chV2FFiVKFQGEcg24,iv:aQvGgGLsgRGoEmwTgZHR8Jm/MYxmGtVTT/fZKaTLeMs=,tag:m3ssF4O8qs4yxvMu6yUcjw==,type:str]
 server-validation:
     webhook: ENC[AES256_GCM,data:Lwqy4UhyFutpXjai7EJPKp8MDlI+ayDna4T8jluvC6qkeJ7o1UaaDCOsgLy4Fw7LC77tXhJtkcmep9w37JaiHp2CoDOfy2iAaq8o9CCSi/a0zqMJx+HdZYZNemvmpc6E/be0K+JDrFZLbjr3unSpCidQ3whccC6XyY013R12swN3bFZIu1gtzXCgUZ4U,iv:pVbrRwH3ziu4+R5BfimPV7N71QmyerJEc9M5K4eofOc=,tag:zNrCXrIioQWPEPVz/wMDpQ==,type:str]
 sops:
@@ -37,8 +39,8 @@ sops:
             cXNZWmZqd0R0SmhINExscHBKWmxvblUKEFEQvt/zQFARba4S8vHz/1SoKdKg69At
             LZ58XQGOmlGbBhPr7EzYQ2XSY4flWbnnD174cmCR8DNFm15DsNA5fw==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-11-30T05:28:04Z"
-    mac: ENC[AES256_GCM,data:0ZT+1mkiV8XKsY3jL7tyaISBy5mZB/cHGH3K860QUi3eEhLgi+GIdAJ5Ia2YMWIdFsrO1z08YUG9ZmeCBgmtNLueNzjk+AjMTq7G4QOwLdA2HZthDPxOmroX4nhXYdRgZEdSUm4ZBpu8X137o9N+dqzVL/kD/Mfqjw7Sixy22U8=,iv:Q6Hosaxoe8dXPJvaFZasT6u0gDEyxAFNNYEUIilp36I=,tag:vSmTHwvFXJltJOuBdutMGA==,type:str]
+    lastmodified: "2024-11-30T05:36:05Z"
+    mac: ENC[AES256_GCM,data:WkcqAulJAH4tUkjz5pao90rsy48cO12ipb9I/BS8/t9PR6/TIvfBORQ7JBA0/R5djfsYl1WqWTPMzBCYzLz5Os2CmJzGyd7oB70BJE9FG9xysb10I63KDRRWcRaq8KZN/0gdSZi3J1kJAKFp/3j1O68UPn8wacwRL1Sl2Za0ZVk=,iv:Kce1zXjr9LFfiffzPAKu4NzCEv4gBgXr2J/6ZNlu4Wc=,tag:p9UItj4J7bRG6Zs0iiOLug==,type:str]
     pgp:
         - created_at: "2024-11-28T18:56:39Z"
           enc: |-
diff --git a/users/alice/home/doom/init.el b/users/alice/home/doom/init.el
index e6ec40a..ef076d3 100644
--- a/users/alice/home/doom/init.el
+++ b/users/alice/home/doom/init.el
@@ -133,7 +133,7 @@
        ;;fsharp            ; ML stands for Microsoft's Language
        ;;fstar             ; (dependent) types and (monadic) effects and Z3
        ;;gdscript          ; the language you waited for
-       ;;(go +lsp +tree-sitter)         ; the hipster dialect
+       (go +lsp +tree-sitter)         ; the hipster dialect
        ;;(graphql +lsp)    ; Give queries a REST
        ;;(haskell +lsp)    ; a language that's lazier than I am
        ;;hy                ; readability of scheme w/ speed of python