lksjdlakjsdl

2024-08-18 03:16:17 +02:00
parent b9ff0eed86
commit 9bcc71da42
4 changed files with 27 additions and 18 deletions


@@ -18,6 +18,7 @@ in
#security.acme.defaults.reloadServices
# https://www.xf.is/2020/06/30/list-of-free-acme-ssl-providers/
#security.acme.defaults.server = "https://acme-v02.api.letsencrypt.org/directory" # default
#security.acme.defaults.server = "https://acme-staging-v02.api.letsencrypt.org/directory"; # STAGING
#security.acme.defaults.server = "https://api.buypass.com/acme/directory"; # no wildcards, rate limit: 20 domains/week, 5 duplicate certs / week
#security.acme.defaults.server = "https://api.test4.buypass.no/acme/directory"; # STAGING. no wildcards, rate limit: 20 domains/week, 5 duplicate certs / week


@@ -43,7 +43,7 @@ let
programs.ssh.knownHosts.${fqdn}.publicKey = host.ssh.listenPublicKey;
# TODO: use nix.buildMachines.*.publicHostKey ?
# timeouts are great when remote is unresponsive. nix doesn't care
# timeouts are great when remote is unresponsive. nix doesn't care, lix is way and tests each remote only once
programs.ssh.extraConfig = ''
Host ${fqdn}
ConnectTimeout 3
@@ -51,6 +51,9 @@ let
${lib.optionalString (host.ssh ? proxyJump) ''
ProxyJump ${jump.ssh.listenUser}@${host.ssh.proxyJump}:${builtins.toString jump.ssh.listenPort}
''}
${lib.optionalString (host.ssh ? userPrivateKey) ''
IdentityFile ${host.ssh.userPrivateKey}
''}
'';
})
# in
@@ -79,4 +82,7 @@ in {
imports = lib.forEach hostNames mkRemoteConfig;
# TODO: derive this one from known-hosts.toml
sops.secrets.nix-community-builders-ssh-key = {};
}
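Review bot: The new `IdentityFile ${host.ssh.userPrivateKey}` line (hunk at +51,9) is safe only while `userPrivateKey` is a string naming a runtime path; if it is ever given as a Nix path literal, the interpolation copies the private key into the world-readable /nix/store. Where `host` is defined lies outside these hunks, so it is worth pinning down with a comment above the line such as `# userPrivateKey must be a string path to a runtime secret (e.g. the sops secret's .path), never a Nix path literal`. Because this ends up in the system-wide ssh client config, consider adding `IdentitiesOnly yes` next to it so that only the configured key is offered to the builder rather than every key an agent holds. The sops secret in the last hunk is declared with default settings, which presumably leaves it readable by root only; confirm that whichever user opens the remote-build connection can read it.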