DRY security.acme

2021-09-27 22:27:36 +02:00 · 2021-09-27 22:27:36 +02:00 · dcfdd87899
parent fe58dc6cdd
commit dcfdd87899
9 changed files with 13 additions and 35 deletions
--- a/hosts/containers/hydra/default.nix
+++ b/hosts/containers/hydra/default.nix
@ -13,10 +13,6 @@

  nixpkgs.config.allowUnfree = true;

-  security.acme = {
-    email = "mail@c3d2.de";
-    acceptTerms = true;
-  };
  security.pam.enableSSHAgentAuth = true;

  services.openssh = {
--- a/hosts/containers/kibana/default.nix
+++ b/hosts/containers/kibana/default.nix
@ -26,10 +26,6 @@
    package = pkgs.kibana7;
  };

-  security.acme = {
-    acceptTerms = true;
-    email = "mail@c3d2.de";
-  };
  services.nginx = let
    authFile = pkgs.writeText "htpasswd" "k-ot:sawCOTsl/fIUY";
    vhost = url: {
--- a/hosts/containers/matemat/default.nix
+++ b/hosts/containers/matemat/default.nix
@ -45,9 +45,4 @@
      hostname = "matemat.hq.c3d2.de";
    };
  };
-
-  security.acme = {
-    acceptTerms = true;
-    email = "mail@c3d2.de";
-  };
 }
--- a/hosts/containers/mobilizon/default.nix
+++ b/hosts/containers/mobilizon/default.nix
@ -49,8 +49,4 @@
      locations."/".proxyPass = "http://localhost:4000";
    };
  };
-  security.acme = {
-    acceptTerms = true;
-    email = "mail@c3d2.de";
-  };
 }
--- a/hosts/containers/scrape/default.nix
+++ b/hosts/containers/scrape/default.nix
@ -40,10 +40,6 @@ in {
      root = config.users.users.scrape.home;
    };
  };
-  security.acme = {
-    acceptTerms = true;
-    email = "mail@c3d2.de";
-  };
  networking.firewall.allowedTCPPorts = [ 80 443 ];

  systemd.services = let
--- a/hosts/containers/stream/default.nix
+++ b/hosts/containers/stream/default.nix
@ -47,9 +47,4 @@ in
      };
    };
  };
-
-  security.acme = {
-    acceptTerms = true;
-    email = "mail@c3d2.de";
-  };
 }
--- a/hosts/pulsebert/default.nix
+++ b/hosts/pulsebert/default.nix
@ -135,11 +135,6 @@ in
    };
  };

-  security.acme = {
-    acceptTerms = true;
-    email = "mail@c3d2.de";
-  };
-
  services.nginx = {
    enable = true;
    #recommendedGzipSettings = true;
--- a/hosts/radiobert/default.nix
+++ b/hosts/radiobert/default.nix
@ -149,10 +149,6 @@
      };
    };
  };
-  security.acme = {
-    acceptTerms = true;
-    email = "mail@c3d2.de";
-  };

  # Allow access to USB
  services.udev.extraRules = ''
--- a/lib/default.nix
+++ b/lib/default.nix
@ -60,6 +60,14 @@ in {
        '';
      };

+      acmeEmail = mkOption {
+        type = str;
+        default = "mail@c3d2.de";
+        description = ''
+          Admin email address to use for Letsencrypt
+        '';
+      };
+
      hq = {

        /* externalInterface = mkOption {
@ -258,6 +266,11 @@ in {
      rebootTime = "15s";
    };

+    # Defaults for LetsEncrypt
+    security.acme = {
+      acceptTerms = true;
+      email = cfg.acmeEmail;
+    };
  };

  meta.maintainers = with lib.maintainers; [ ehmry ];