move acme configurations to a profile

Clean up API keys for Cloudflare.

1 files changed, 2 insertions, 29 deletions

diff --git a/machines/nixos/x86_64-linux/do-rproxy.nix b/machines/nixos/x86_64-linux/do-rproxy.nix
index da606b6..70dd15e 100644
--- a/machines/nixos/x86_64-linux/do-rproxy.nix
+++ b/machines/nixos/x86_64-linux/do-rproxy.nix
@@ -1,6 +1,7 @@
 { config, adminUser, ... }:
 {
   imports = [
+    ../../../profiles/acme.nix
     ../../../profiles/cgroups.nix
     ../../../profiles/defaults.nix
     ../../../profiles/disk/basic-vm.nix
@@ -9,16 +10,7 @@
     ../../../profiles/server.nix
   ];
 
-  age = {
-    secrets = {
-      cloudflare-nginx = {
-        file = ../../../secrets/cloudflare-nginx.age;
-      };
-      wireguard = {
-        file = ../../../secrets/do/wireguard.age;
-      };
-    };
-  };
+  age.secrets.wireguard.file = ../../../secrets/do/wireguard.age;
 
   disko.devices.disk.disk1.device = "/dev/vda";
 
@@ -57,25 +49,6 @@
     443
   ];
 
-  security.acme = {
-    acceptTerms = true;
-    defaults.email = "franck@fcuny.net";
-    certs = {
-      "code.fcuny.net" = {
-        dnsProvider = "cloudflare";
-        dnsResolver = "1.1.1.1";
-        reloadServices = [ "nginx.service" ];
-        credentialFiles.CF_DNS_API_TOKEN_FILE = config.age.secrets."cloudflare-nginx".path;
-      };
-      "fcuny.net" = {
-        dnsProvider = "cloudflare";
-        dnsResolver = "1.1.1.1";
-        reloadServices = [ "nginx.service" ];
-        credentialFiles.CF_DNS_API_TOKEN_FILE = config.age.secrets."cloudflare-nginx".path;
-      };
-    };
-  };
-
   services.nginx = {
     enable = true;
     recommendedProxySettings = true;