From f93ec188597ab275651b3b885b9c957a0498b43b Mon Sep 17 00:00:00 2001 From: Luke Granger-Brown Date: Sat, 25 Sep 2021 17:38:09 +0000 Subject: [PATCH] bvm-radius: add ACME certs for as205479.net --- ops/nixos/bvm-radius/default.nix | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/ops/nixos/bvm-radius/default.nix b/ops/nixos/bvm-radius/default.nix index e53cc1a8ff..d1770a803a 100644 --- a/ops/nixos/bvm-radius/default.nix +++ b/ops/nixos/bvm-radius/default.nix @@ -14,6 +14,7 @@ in { networking = { hostName = "bvm-radius"; hostId = "dcc75f10"; + tempAddresses = "disabled"; interfaces.enp1s0 = { ipv4.addresses = [{ address = "10.100.0.207"; prefixLength = 23; }]; @@ -46,6 +47,19 @@ in { }; my.ip.tailscale = "100.120.98.116"; + security.acme = { + acceptTerms = true; + email = "letsencrypt@lukegb.com"; + certs."as205479.net" = { + dnsProvider = "gcloud"; + credentialsFile = secrets.gcpDNSCredentials; + dnsPropagationCheck = false; + #postRun = '' + # systemctl restart freeradius + #''; + }; + }; + environment.systemPackages = with pkgs; [ freeradius depot.pkgs.eapol-test