nixos-conf/servers/utils/cert-store-client.nix

{ lib, ... }:
{
  options.services.nginx.virtualHosts = lib.mkOption {
    type = lib.types.attrsOf (
      lib.types.submodule {
        config = lib.mkDefault {
          sslCertificate = "/mnt/acme/fullchain.pem";
          sslCertificateKey = "/mnt/acme/key.pem";
        };
      }
    );
  };

  config = {
    services.openssh.knownHosts."cert-store.vsinerva.fi".publicKey =
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP4FaKqA2rQbxpdRBdGtb2lb5El/zbGnvmDfdYJdrxH7";

    systemd.services.nginx = {
      wants = [ "mnt-acme.mount" ];
      after = [ "mnt-acme.mount" ];
    };

    fileSystems."/mnt/acme" = {
      device = "cert-store@cert-store.vsinerva.fi:/home/cert-store/acme/-.vsinerva.fi";
      fsType = "sshfs";
      options = [
        "nodev"
        "noatime"
        "allow_other"
        "IdentityFile=/etc/ssh/ssh_host_ed25519_key"
      ];
    };
  };
}
Refactor server files 2025-05-29 02:12:20 +03:00			`{ lib, ... }:`
			`{`
			`options.services.nginx.virtualHosts = lib.mkOption {`
			`type = lib.types.attrsOf (`
			`lib.types.submodule {`
			`config = lib.mkDefault {`
			`sslCertificate = "/mnt/acme/fullchain.pem";`
			`sslCertificateKey = "/mnt/acme/key.pem";`
			`};`
			`}`
			`);`
			`};`

			`config = {`
			`services.openssh.knownHosts."cert-store.vsinerva.fi".publicKey =`
			`"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP4FaKqA2rQbxpdRBdGtb2lb5El/zbGnvmDfdYJdrxH7";`

			`systemd.services.nginx = {`
			`wants = [ "mnt-acme.mount" ];`
			`after = [ "mnt-acme.mount" ];`
			`};`

			`fileSystems."/mnt/acme" = {`
			`device = "cert-store@cert-store.vsinerva.fi:/home/cert-store/acme/-.vsinerva.fi";`
			`fsType = "sshfs";`
			`options = [`
			`"nodev"`
			`"noatime"`
			`"allow_other"`
			`"IdentityFile=/etc/ssh/ssh_host_ed25519_key"`
			`];`
			`};`
			`};`
			`}`