Add monitoring script with smartctl

[perso/Immae/Config/Nix.git] / modules / private / certificates.nix

diff --git a/modules/private/certificates.nix b/modules/private/certificates.nix
deleted file mode 100644 (file)
index f057200..0000000
--- a/modules/private/certificates.nix
+++ /dev/null
@@ -1,63 +0,0 @@
-{ lib, pkgs, config, name, ... }:
-{
-  options.myServices.certificates = {
-    enable = lib.mkEnableOption "enable certificates";
-    certConfig = lib.mkOption {
-      default = {
-        webroot = "/var/lib/acme/acme-challenge";
-        email = "ismael@bouya.org";
-        postRun = builtins.concatStringsSep "\n" [
-          (lib.optionalString config.services.httpd.Prod.enable "systemctl reload httpdProd.service")
-          (lib.optionalString config.services.httpd.Tools.enable "systemctl reload httpdTools.service")
-          (lib.optionalString config.services.httpd.Inte.enable "systemctl reload httpdInte.service")
-          (lib.optionalString config.services.nginx.enable "systemctl reload nginx.service")
-        ];
-        plugins = [ "cert.pem" "chain.pem" "fullchain.pem" "full.pem" "key.pem" "account_key.json" "account_reg.json"];
-      };
-      description = "Default configuration for certificates";
-    };
-  };
-
-  config = lib.mkIf config.myServices.certificates.enable {
-    services.duplyBackup.profiles.system.excludeFile = ''
-      + /var/lib/acme/acme-challenge
-      '';
-    services.nginx = {
-      recommendedTlsSettings = true;
-      virtualHosts = { "${config.hostEnv.fqdn}" = { useACMEHost = name; forceSSL = true; }; };
-    };
-    services.websites.certs = config.myServices.certificates.certConfig;
-    myServices.databasesCerts = config.myServices.certificates.certConfig;
-    myServices.ircCerts = config.myServices.certificates.certConfig;
-
-    security.acme2.preliminarySelfsigned = true;
-
-    security.acme2.certs = {
-      "${name}" = config.myServices.certificates.certConfig // {
-        domain = config.hostEnv.fqdn;
-      };
-    };
-
-    systemd.services = lib.attrsets.mapAttrs' (k: v:
-      lib.attrsets.nameValuePair "acme-selfsigned-${k}" (lib.mkBefore { script =
-        (lib.optionalString (builtins.elem "cert.pem" v.plugins) ''
-        cp $workdir/server.crt ${config.security.acme2.certs."${k}".directory}/cert.pem
-        chown '${v.user}:${v.group}' ${config.security.acme2.certs."${k}".directory}/cert.pem
-        chmod ${if v.allowKeysForGroup then "750" else "700"} ${config.security.acme2.certs."${k}".directory}/cert.pem
-        '') +
-        (lib.optionalString (builtins.elem "chain.pem" v.plugins) ''
-        cp $workdir/ca.crt ${config.security.acme2.certs."${k}".directory}/chain.pem
-        chown '${v.user}:${v.group}' ${config.security.acme2.certs."${k}".directory}/chain.pem
-        chmod ${if v.allowKeysForGroup then "750" else "700"} ${config.security.acme2.certs."${k}".directory}/chain.pem
-        '')
-      ; })
-    ) config.security.acme2.certs // {
-      httpdProd = lib.mkIf config.services.httpd.Prod.enable
-        { after = [ "acme-selfsigned-certificates.target" ]; wants = [ "acme-selfsigned-certificates.target" ]; };
-      httpdTools = lib.mkIf config.services.httpd.Tools.enable
-        { after = [ "acme-selfsigned-certificates.target" ]; wants = [ "acme-selfsigned-certificates.target" ]; };
-      httpdInte = lib.mkIf config.services.httpd.Inte.enable
-        { after = [ "acme-selfsigned-certificates.target" ]; wants = [ "acme-selfsigned-certificates.target" ]; };
-    };
-  };
-}