Diffstat (limited to 'hosts')
-rw-r--r--hosts/tahoe/default.nix1
-rw-r--r--hosts/tahoe/secrets/gandi/apikey.age11
-rw-r--r--hosts/tahoe/secrets/secrets.nix5
-rw-r--r--hosts/tahoe/services.nix9
4 files changed, 21 insertions, 5 deletions
diff --git a/hosts/tahoe/default.nix b/hosts/tahoe/default.nix
index cfa3717..6fb5fcb 100644
--- a/hosts/tahoe/default.nix
+++ b/hosts/tahoe/default.nix
@@ -9,6 +9,7 @@ in
./networking.nix
./services.nix
"${self}/profiles/nas.nix"
+ "${self}/profiles/acme.nix"
"${self}/profiles/hardware/amd.nix"
];
diff --git a/hosts/tahoe/secrets/gandi/apikey.age b/hosts/tahoe/secrets/gandi/apikey.age
new file mode 100644
index 0000000..3f35522
--- /dev/null
+++ b/hosts/tahoe/secrets/gandi/apikey.age
@@ -0,0 +1,11 @@
+age-encryption.org/v1
+-> X25519 jMYhTKmWi5riTgT9QQVOlzlIegqM1MI2QtJbOonsL2E
+bM9xqcJc41bKs0as9lIQQQGZhB5cmaZtO1fHCsrMR9M
+-> X25519 3xMvuIuRGXBp/gbv+aZpjkp6wLw6hyRAqBIe/Pf+Szo
+2X45mDvLNcDOntT4JgZUFHpnlShm3UYv7gCpHGaj4Fo
+-> X25519 xemfO0+4pS8WG/7QoIIqULZ/xN+C0l+LbBgv4QIdcQU
+VfoMT93/3hTZdPo4ALCaEZrIO3bHhsoxCwf6DyXPwvI
+-> s06@-grease .@\9Og@9 7yCI nS'`(65/
+W1seHOnAnPFF8BB6uqQKv8JwpmoNCU93i06VtxuuHiaeGrlXNPiF0ikD/mysdA
+--- dpDFFk5ZPUwQZp96fpS85eZCVELD4GB1uwl/8ev5moA
+⇼?Zu>x3d[sLٵ )|[z1#cѨ3BHLw҂]$. \ No newline at end of file
diff --git a/hosts/tahoe/secrets/secrets.nix b/hosts/tahoe/secrets/secrets.nix
index 34b955b..0560a57 100644
--- a/hosts/tahoe/secrets/secrets.nix
+++ b/hosts/tahoe/secrets/secrets.nix
@@ -28,6 +28,11 @@ in
owner = "unpoller-exporter";
};
+ "gandi/apikey.age" = {
+ publicKeys = all;
+ owner = "acme";
+ };
+
"restic/repo-systems.age".publicKeys = all;
"rsync.net/ssh-key.age".publicKeys = all;
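Review bot: The new `"gandi/apikey.age"` entry uses `publicKeys = all;`, so every key in that list can decrypt a registrar credential, which is wider than the one host that appears to consume it. `all` is defined outside this hunk, though the three X25519 recipient stanzas in the added apikey.age suggest it holds three keys. If only tahoe's `acme` user reads this secret, consider narrowing the recipients to that host's key plus the key used for re-encryption, e.g. `publicKeys = [ TAHOE_HOST_KEY_PLACEHOLDER ADMIN_KEY_PLACEHOLDER ];` (placeholder names, to be replaced with the bindings this file already defines). A short comment above the entry would also help, such as `# Gandi API key read by the acme user, presumably for certificate issuance; keep it scoped to this zone and rotate it if any recipient key is retired`.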
diff --git a/hosts/tahoe/services.nix b/hosts/tahoe/services.nix
index a04225e..0227f4c 100644
--- a/hosts/tahoe/services.nix
+++ b/hosts/tahoe/services.nix
@@ -1,8 +1,7 @@
-{ config, ... }:
+{ self, config, ... }:
let secrets = config.age.secrets;
in
{
-
# this unit is broken and useless. I don't know how to not install
# it, so let's mask it.
systemd.services.mdmonitor.enable = false;
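Review bot: `self` is added to the module arguments in `{ self, config, ... }:`, but none of the services.nix hunks shown here reference it. If the unchanged part of the file does not use it either, keep the header as `{ config, ... }:` so the module does not require an argument it never reads. The module body continues outside this hunk, so this needs a check against the full file.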
@@ -14,12 +13,12 @@ in
};
navidrome = {
enable = true;
- vhostName = "music.fcuny.xyz";
+ vhostName = "music.${config.homelab.domain}";
musicFolder = "/data/fast/music";
};
unifi = {
enable = true;
- vhostName = "unifi.fcuny.xyz";
+ vhostName = "unifi.${config.homelab.domain}";
};
monitoring = {
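Review bot: The `vhostName` values for navidrome and unifi in this hunk, and for grafana in the next one, now interpolate `config.homelab.domain`, whose declaration is not part of this diff. If that option can evaluate to an empty string, the results would be names like `music.`, and since the same commit imports the acme profile these names presumably feed certificate requests. Consider guarding it where the option is declared, for example `assertions = [{ assertion = config.homelab.domain != ""; message = "homelab.domain must be set"; }];`. The enclosing attribute set starts and ends outside the hunk.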
@@ -33,7 +32,7 @@ in
};
grafana = {
enable = true;
- vhostName = "dash.fcuny.xyz";
+ vhostName = "dash.${config.homelab.domain}";
};
promtail.enable = true;
node-exporter.enable = true;