diff --git a/hosts/default.nix b/hosts/default.nix
index 67ba101..f6ecaee 100644
--- a/hosts/default.nix
+++ b/hosts/default.nix
@@ -12,6 +12,7 @@ let
 ./programs/gnupg
 ./programs/git
 ./programs/doas
+ ./security
 ];
 desktopModules = [
 ./programs/adb
diff --git a/hosts/hina/services.nix b/hosts/hina/services.nix
index 2d552f7..39b04d5 100644
--- a/hosts/hina/services.nix
+++ b/hosts/hina/services.nix
@@ -31,12 +31,5 @@ in }; }; }; - - security.acme = { - acceptTerms = true; - certs = lib.mapAttrs (n: _: { email = "natto@${domain}"; }) - (lib.filterAttrs (_: v: v.enableACME) config.services.nginx.virtualHosts); - }; - security.pki.certificateFiles = [ ../../cert.pem ]; }
diff --git a/hosts/marisa/default.nix b/hosts/marisa/default.nix
index 45736b6..c5858c0 100644
--- a/hosts/marisa/default.nix
+++ b/hosts/marisa/default.nix
@@ -17,6 +17,4 @@ time.timeZone = "Asia/Kolkata"; system.stateVersion = "21.05"; - - security.pki.certificateFiles = [ ../../cert.pem ../../consul-agent-ca.pem ]; }
diff --git a/hosts/okina/services.nix b/hosts/okina/services.nix
index 3997ee4..d5d9541 100644
--- a/hosts/okina/services.nix
+++ b/hosts/okina/services.nix
@@ -24,7 +24,6 @@ libvirtd.wantedBy = lib.mkForce [ ]; }; - security.pki.certificateFiles = [ ../../cert.pem ]; virtualisation = { docker = { enable = true;
diff --git a/hosts/remilia/services.nix b/hosts/remilia/services.nix
index 51dc854..2db265d 100644
--- a/hosts/remilia/services.nix
+++ b/hosts/remilia/services.nix
@@ -79,15 +79,5 @@ in }; }; }; - - security.acme = { - acceptTerms = true; - certs = { - "${domain}".extraDomainNames = lib.singleton "www.${domain}"; - } // - lib.mapAttrs (n: _: { email = "natto@${domain}"; }) - (lib.filterAttrs (_: v: v.enableACME) config.services.nginx.virtualHosts); - }; - security.pki.certificateFiles = [ ../../cert.pem ]; }
diff --git a/hosts/satori/services.nix b/hosts/satori/services.nix
index 4ba6b6a..146dd41 100644
--- a/hosts/satori/services.nix
+++ b/hosts/satori/services.nix
@@ -21,7 +21,6 @@ libvirtd.wantedBy = lib.mkForce [ ]; }; - security.pki.certificateFiles = [ ../../cert.pem ]; virtualisation = { docker = { enable = true;
diff --git a/hosts/security/default.nix b/hosts/security/default.nix
new file mode 100644
index 0000000..85cab32
--- /dev/null
+++ b/hosts/security/default.nix
@@ -0,0 +1,21 @@
+{
+ lib,
+ conf,
+ config,
+ ...
+}:
+let
+ domain = conf.network.addresses.domain.natto;
+ nginx = config.services.nginx;
+in
+{
+ security = {
+ acme = lib.mkIf nginx.enable {
+ acceptTerms = true;
+ certs = lib.mapAttrs (n: _: { email = "natto@${domain}"; }) (
+ lib.filterAttrs (_: v: v.enableACME) nginx.virtualHosts
+ );
+ };
+ pki.certificateFiles = [ ../../cert.pem ];
+ };
+}
diff --git a/hosts/services/pipewire/default.nix b/hosts/services/pipewire/default.nix
index 91a940b..0d423ba 100644
--- a/hosts/services/pipewire/default.nix
+++ b/hosts/services/pipewire/default.nix
@@ -1,6 +1,5 @@
-{ lib, config, pkgs, ... }: {
- # sound stuff
- sound.enable = true;
+{ ... }:
+{
 services.pipewire = {
 enable = true;
 alsa = {
diff --git a/hosts/suwako/services.nix b/hosts/suwako/services.nix
index 2f6b1ad..d063848 100644
--- a/hosts/suwako/services.nix
+++ b/hosts/suwako/services.nix
@@ -12,13 +12,5 @@ in ports = [ 22 ]; }; }; - - security.acme = { - acceptTerms = true; - certs = lib.mapAttrs (n: _: { email = "natto@${domain}"; }) - (lib.filterAttrs (_: v: v.enableACME) config.services.nginx.virtualHosts); - }; - - security.pki.certificateFiles = [ ../../cert.pem ]; }
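Review bot: The shared `certs` expression in hosts/security/default.nix only sets `email`, but the block removed from hosts/remilia/services.nix also set `"${domain}".extraDomainNames = lib.singleton "www.${domain}"`; unless that is declared somewhere outside this diff, the next certificate issued for that host would no longer cover the www name. Keeping a host-level line in remilia such as `security.acme.certs."${domain}".extraDomainNames = lib.singleton "www.${domain}";` would preserve it, since the module system merges it with the shared definition. Similarly, marisa's old `certificateFiles` list appears to have included `../../consul-agent-ca.pem`, which the shared list omits, so that host may stop trusting the Consul agent CA. Because `pki.certificateFiles` extends the system trust store of every host that imports this module, a short comment above it saying what `cert.pem` is and why all hosts need to trust it would help the next reader.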