]> Git — Sourcephile - sourcephile-nix.git/blob - servers/mermet/keys.nix
sourcephile / git / sourcephile-nix.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
nginx: use Let's Encrypt X.509 certificate
[sourcephile-nix.git] / servers / mermet / keys.nix
1 { pkgs, lib, config, ... }:
2 let
3 inherit (builtins) readFile;
4 inherit (builtins.extraBuiltins) pass;
5 in
6 {
7 deployment.keys = {
8 "sourcephile.fr.key.pem" = {
9 text = pass "x509/sourcephile.fr/key.pem";
10 user = "root";
11 group = "root";
12 destDir = "/run/keys/";
13 permissions = "0400"; # WARNING: not enforced when deployment.storeKeysOnMachine = true
14 };
15 "autogeree.net.key.pem" = {
16 text = pass "x509/autogeree.net/key.pem";
17 user = "root";
18 group = "root";
19 destDir = "/run/keys/";
20 permissions = "0400"; # WARNING: not enforced when deployment.storeKeysOnMachine = true
21 };
22 };
23 }
NixOS configurations for Sourcephile's infrastructure