configs/default.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26

{ ... }:
# TODO `fysiweb` should import config
#
# `config/default.nix` should automatically be imported by all systems through
# `fysiweb deploy`, if it exists.
{
  users.users.root.openssh.authorizedKeys.keyFiles = [
    ../public/aforemny.id_rsa.pub
    ../public/kirchner.id_rsa.pub
  ];

  security.acme.acceptTerms = true;
  # TODO why do defaults not suffice here?

  #security.acme.certs.defaults.email = "aforemny@posteo.de";
  #security.acme.certs.defaults.webroot = "/var/lib/acme/acme-challenge";
  security.acme.certs."auth.nomath.org".email = "aforemny@posteo.de";
  security.acme.certs."auth.nomath.org".webroot = "/var/lib/acme/acme-challenge";
  security.acme.certs."code.nomath.org".email = "aforemny@posteo.de";
  security.acme.certs."code.nomath.org".webroot = "/var/lib/acme/acme-challenge";
  security.acme.certs."nomath.org".email = "aforemny@posteo.de";
  security.acme.certs."nomath.org".webroot = "/var/lib/acme/acme-challenge";
  security.acme.certs."static.nomath.org".email = "aforemny@posteo.de";
  security.acme.certs."static.nomath.org".webroot = "/var/lib/acme/acme-challenge";
  networking.firewall.allowedTCPPorts = [ 80 ];
}