
customize-issuer.nix

  • customize-issuer.nix 985 B
    # Issuer-node customization: turns per-deployment values (secret file
    # locations, monitoring-VPN parameters, SSH users, issuer domains) into the
    # configuration attribute set for one issuer host.
    #
    # Arguments (all required; extra attributes are accepted and ignored):
    #   ristrettoSigningKeyPath - source location of the Ristretto signing key
    #   stripeSecretKeyPath     - source location of the Stripe secret key
    #   monitoringvpnKeyDir     - directory containing "<ip>.key", "preshared.key"
    #                             and "server.pub" for the monitoring VPN
    #   monitoringvpnEndpoint   - monitoring VPN endpoint handed to the client
    #   monitoringvpnIPv4       - this host's VPN address; also selects its key file
    #   sshUsers                - forwarded unchanged to services.private-storage
    #   letsEncryptAdminEmail, issuerDomains, allowedChargeOrigins
    #                           - forwarded to services.private-storage-issuer
    #
    # NOTE(review): only `source` is set for each secret here. The destination,
    # owner and permissions are not visible in this file; confirm they are
    # defined restrictively wherever the rest of each secret is declared.
    #
    # NOTE(review): monitoringvpnKeyDir is string-interpolated below. If a caller
    # passes a Nix *path* value rather than a string, interpolation copies the
    # whole directory (private and preshared keys included) into the
    # world-readable Nix store on the evaluating machine. Confirm callers pass
    # a string.
    { ristrettoSigningKeyPath
    , stripeSecretKeyPath
    , monitoringvpnKeyDir
    , monitoringvpnEndpoint
    , monitoringvpnIPv4
    , sshUsers
    , letsEncryptAdminEmail
    , issuerDomains
    , allowedChargeOrigins
    , ...
    }:
    let
      # Location of one file inside the monitoring VPN key directory.
      vpnFile = fileName: "${monitoringvpnKeyDir}/${fileName}";
    in
    {
      # Secret material for this host. The VPN private key is looked up by the
      # host's VPN address, so each host is handed only its own key.
      deployment.secrets = {
        "ristretto-signing-key".source = ristrettoSigningKeyPath;
        "stripe-secret-key".source = stripeSecretKeyPath;
        "monitoringvpn-secret-key".source = vpnFile "${monitoringvpnIPv4}.key";
        "monitoringvpn-preshared-key".source = vpnFile "preshared.key";
      };

      services = {
        private-storage = {
          # presumably the accounts allowed to log in over SSH; keep the list
          # minimal and verify against the module that consumes it
          inherit sshUsers;

          # Monitoring VPN client. server.pub is the endpoint's public key, so
          # unlike the two entries in deployment.secrets it is not secret.
          monitoring.vpn.client = {
            enable = true;
            ip = monitoringvpnIPv4;
            endpoint = monitoringvpnEndpoint;
            endpointPublicKeyFile = vpnFile "server.pub";
          };
        };

        private-storage-issuer = {
          inherit letsEncryptAdminEmail;
          domains = issuerDomains;
          # presumably the web origins permitted to submit charges; an overly
          # broad list widens who can drive the payment endpoint. TODO confirm
          inherit allowedChargeOrigins;
        };
      };

      # Pinned NixOS state version; raising it is a migration decision, not a
      # routine upgrade step.
      system.stateVersion = "19.03";
    }