feat(amd): add opencode web server at opencode.amd.hoyer.world
Mirror of the sgx opencode setup: systemd service on port 4196 fronted by nginx with a per-host ACME cert (DNS-01 via internetbs). Adds amd key + path rule to .sops.yaml so secrets under .secrets/amd/ encrypt for the host.
This commit is contained in:
parent
01f42c0851
commit
0e723e2da8
7 changed files with 158 additions and 0 deletions
11
systems/x86_64-linux/amd/acme.nix
Normal file
11
systems/x86_64-linux/amd/acme.nix
Normal file
|
|
@ -0,0 +1,11 @@
|
|||
{
|
||||
config,
|
||||
...
|
||||
}:
|
||||
{
|
||||
sops.secrets.internetbs = {
|
||||
sopsFile = ../../../.secrets/amd/internetbs.yaml;
|
||||
};
|
||||
|
||||
metacfg.services.acmeBase.credentialsFile = config.sops.secrets.internetbs.path;
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue