nixcfg/systems/x86_64-linux/amd/acme.nix at 441df05d8658f32918c35ed4b15cb5cf68c40702 - harald/nixcfg - Forgejo: Beyond coding. We Forge.

harald/nixcfg

Harald Hoyer 0e723e2da8 feat(amd): add opencode web server at opencode.amd.hoyer.world

Mirror of the sgx opencode setup: systemd service on port 4196 fronted
by nginx with a per-host ACME cert (DNS-01 via internetbs). Adds amd
key + path rule to .sops.yaml so secrets under .secrets/amd/ encrypt
for the host.

2026-05-03 15:55:15 +02:00

11 lines

198 B

Nix

Raw Blame History

 {
   config,
   ...
 }:
 {
   sops.secrets.internetbs = {
     sopsFile = ../../../.secrets/amd/internetbs.yaml;
   };
   metacfg.services.acmeBase.credentialsFile = config.sops.secrets.internetbs.path;
 }