From 9fb03640e0aa91405ba79ea0754bd7e79aa662df Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Vili=20Sinerv=C3=A4?= <vili.m.sinerva@gmail.com>
Date: Thu, 20 Feb 2025 23:52:23 +0200
Subject: [PATCH] Move ACME client to opnsense

---
 services/acme-cert-store.nix | 23 ++++-------------------
 1 file changed, 4 insertions(+), 19 deletions(-)

diff --git a/services/acme-cert-store.nix b/services/acme-cert-store.nix
index 7c92b27..b53f1e6 100644
--- a/services/acme-cert-store.nix
+++ b/services/acme-cert-store.nix
@@ -10,23 +10,8 @@
     ];
   };
 
-  security.acme = {
-    acceptTerms = true;
-    certs."vsinerva.fi".extraDomainNames = [ "*.vsinerva.fi" ];
-    defaults = {
-      email = "vili.m.sinerva@gmail.com";
-      environmentFile = "/var/lib/acme/dns-creds";
-      dnsProvider = "ovh";
-      extraLegoFlags = [
-        "--dns.propagation-wait"
-        "60s"
-      ];
-      postRun = ''
-        mkdir -p ${config.users.users."cert-store".home}/acme
-        cp fullchain.pem ${config.users.users."cert-store".home}/acme/
-        cp key.pem ${config.users.users."cert-store".home}/acme/
-        chmod o+r ${config.users.users."cert-store".home}/acme/*.pem
-      '';
-    };
-  };
+  users.users.root.openssh.authorizedKeys.keys = [
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBsctvJR4JOVoTAas0+lb8662EXFsQVNozTntnR7o5R1 opnsense"
+  ];
+
 }