depotwide: add google-cloudflare role

2022-08-10 01:51:46 +01:00 · 2022-08-10 01:51:46 +01:00 · 5c1742e13f
commit 5c1742e13f
parent 94743c8fa2
4 changed files with 6 additions and 4 deletions
--- a/nix/pkgs/vault-acme/default.nix
+++ b/nix/pkgs/vault-acme/default.nix
@ -15,8 +15,8 @@ buildGoModule rec {
  src = fetchFromGitHub {
    owner = "lukegb";
    repo = pname;
-    rev = "c93a5466c09e2198483928e4931e31f2a3cee753";
-    sha256 = "sha256:1yik8vx4d9c8qcxrrab0j1vxzcs1qnfgpi62n6rqv2sy19k0kybz";
+    rev = "d128cded9a4f96b0c6784f13c6ff6d077f6688da";
+    sha256 = "sha256:0yp8nmzp0cfqxh0r6qls0mwz9myaskb3q5qwcwx6gcm2wrwidi84";
  };

  patches = [ ./just-add-a-sleep.patch ];
--- a/ops/nixos/lib/secretsmgr-acme.nix
+++ b/ops/nixos/lib/secretsmgr-acme.nix
@ -51,7 +51,7 @@ in

        role = mkOption { 
          type = str;
-          default = "letsencrypt-cloudflare";
+          default = "google-cloudflare";
          description = "Which role to use for certificate issuance.";
        };

--- a/ops/nixos/totoro/default.nix
+++ b/ops/nixos/totoro/default.nix
@ -506,7 +506,7 @@ in {
      ExecStart = "${depot.ops.raritan.ssl-renew}/lego.sh";
      EnvironmentFile = pkgs.writeText "sslrenew-secret" ''
        CERTIFICATE_DOMAIN=kvm.lukegb.xyz
-        CERTIFICATE_ROLE=letsencrypt-cloudflare
+        CERTIFICATE_ROLE=google-cloudflare
        RARITAN_IP=192.168.1.50
        RARITAN_USERNAME=${secrets.raritan.sslrenew.username}
        RARITAN_PASSWORD=${secrets.raritan.sslrenew.password}
--- a/ops/vault/cfg/acme-ca.nix
+++ b/ops/vault/cfg/acme-ca.nix
@ -44,5 +44,7 @@

    letsencrypt-gcloud-as205479.allowed_domains = gcloudDomains;
    letsencrypt-staging-gcloud-as205479.allowed_domains = gcloudDomains;
+
+    google-cloudflare.allowed_domains = cloudflareDomains;
  };
 }