DRY security.acme

2021-09-27 22:27:36 +02:00 · 2021-09-27 22:27:36 +02:00 · dcfdd87899
parent fe58dc6cdd
commit dcfdd87899
9 changed files with 13 additions and 35 deletions
--- a/hosts/containers/hydra/default.nix
+++ b/hosts/containers/hydra/default.nix
@ -13,10 +13,6 @@
  nixpkgs.config.allowUnfree = true;
  security.acme = {
    email = "mail@c3d2.de";
    acceptTerms = true;
  };
  security.pam.enableSSHAgentAuth = true;
  services.openssh = {
--- a/hosts/containers/kibana/default.nix
+++ b/hosts/containers/kibana/default.nix
@ -26,10 +26,6 @@
    package = pkgs.kibana7;
  };
  security.acme = {
    acceptTerms = true;
    email = "mail@c3d2.de";
  };
  services.nginx = let
    authFile = pkgs.writeText "htpasswd" "k-ot:sawCOTsl/fIUY";
    vhost = url: {
--- a/hosts/containers/matemat/default.nix
+++ b/hosts/containers/matemat/default.nix
@ -45,9 +45,4 @@
      hostname = "matemat.hq.c3d2.de";
    };
  };
  security.acme = {
    acceptTerms = true;
    email = "mail@c3d2.de";
  };
 }
--- a/hosts/containers/mobilizon/default.nix
+++ b/hosts/containers/mobilizon/default.nix
@ -49,8 +49,4 @@
      locations."/".proxyPass = "http://localhost:4000";
    };
  };
  security.acme = {
    acceptTerms = true;
    email = "mail@c3d2.de";
  };
 }
--- a/hosts/containers/scrape/default.nix
+++ b/hosts/containers/scrape/default.nix
@ -40,10 +40,6 @@ in {
      root = config.users.users.scrape.home;
    };
  };
  security.acme = {
    acceptTerms = true;
    email = "mail@c3d2.de";
  };
  networking.firewall.allowedTCPPorts = [ 80 443 ];
  systemd.services = let
--- a/hosts/containers/stream/default.nix
+++ b/hosts/containers/stream/default.nix
@ -47,9 +47,4 @@ in
      };
    };
  };
  security.acme = {
    acceptTerms = true;
    email = "mail@c3d2.de";
  };
 }
--- a/hosts/pulsebert/default.nix
+++ b/hosts/pulsebert/default.nix
@ -135,11 +135,6 @@ in
    };
  };
  security.acme = {
    acceptTerms = true;
    email = "mail@c3d2.de";
  };
  services.nginx = {
    enable = true;
    #recommendedGzipSettings = true;
--- a/hosts/radiobert/default.nix
+++ b/hosts/radiobert/default.nix
@ -149,10 +149,6 @@
      };
    };
  };
  security.acme = {
    acceptTerms = true;
    email = "mail@c3d2.de";
  };
  # Allow access to USB
  services.udev.extraRules = ''
--- a/lib/default.nix
+++ b/lib/default.nix
@ -60,6 +60,14 @@ in {
        '';
      };
      acmeEmail = mkOption {
        type = str;
        default = "mail@c3d2.de";
        description = ''
          Admin email address to use for Letsencrypt
        '';
      };
      hq = {
        /* externalInterface = mkOption {
@ -258,6 +266,11 @@ in {
      rebootTime = "15s";
    };
    # Defaults for LetsEncrypt
    security.acme = {
      acceptTerms = true;
      email = cfg.acmeEmail;
    };
  };
  meta.maintainers = with lib.maintainers; [ ehmry ];