From 27530f0de0912841c37006c270786cbf19fc252c Mon Sep 17 00:00:00 2001 From: Emelie Graven Date: Tue, 12 Apr 2022 17:36:08 +0200 Subject: [PATCH] Remove wildcard cert --- .../grondahl/data/secrets/acme_anarkafem_dev | Bin 120 -> 0 bytes config/hosts/grondahl/data/secrets/secrets.nix | Bin 1045 -> 955 bytes config/hosts/grondahl/services/acme.nix | 5 ----- config/hosts/grondahl/services/nginx.nix | 6 +++--- .../wind/data/secrets/acme_graven_dev.env | Bin 117 -> 0 bytes .../hosts/wind/data/secrets/acme_graven_se.env | Bin 116 -> 0 bytes config/hosts/wind/data/secrets/secrets.nix | Bin 1030 -> 866 bytes config/hosts/wind/services/acme.nix | 12 ------------ config/hosts/wind/services/nginx.nix | 14 +++++++------- 9 files changed, 10 insertions(+), 27 deletions(-) delete mode 100644 config/hosts/grondahl/data/secrets/acme_anarkafem_dev delete mode 100644 config/hosts/wind/data/secrets/acme_graven_dev.env delete mode 100644 config/hosts/wind/data/secrets/acme_graven_se.env diff --git a/config/hosts/grondahl/data/secrets/acme_anarkafem_dev b/config/hosts/grondahl/data/secrets/acme_anarkafem_dev deleted file mode 100644 index 5e08a249ae5a2dcd4d20c2399a7f0ac31b5dc9f6..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 120 zcmV-;0EhnoM@dveQdv+`0LSe8oj(~xYR#jRV$VWK)aq@_6pVoYJL=N_5}NLy!z<|v zG&toAb!h-zQC~s4x4%$A)}0CM$pWrd{I6--bjU|}`T6&zC6*R35$Jr!DIBi?L(vZV aEsr!HJHxL+ZB@gyHZf36?6BtVphdtJ#yMXA 
diff --git a/config/hosts/grondahl/data/secrets/secrets.nix b/config/hosts/grondahl/data/secrets/secrets.nix index 1feacfcb4006c08b8c5ba2be61bdb614710fe5b0..249edb2f002158783f59c4399986469a44e1dda0 100644 GIT binary patch literal 955 zcmV;s14R4)M@dveQdv+`0OP`;B^1>76CQ=Acv;=iVgWBs({dLjva)UJfwJ1%~%C3uV6mKoysvrn!$<=_)xlu@*=`N60|^ zW!e2?{+@i7kf^2#R=EnbBW~wMhAlgqc0ERDC4oIar7o^GJYS7hnfp^_i@PTAuG&xY zzqnZ`-trLa6)BNP7cEM_v#AL?2gp7MVTjhsT}>7G&_{L-Vj#H8C zVw;3Sa*V~$Kyd(~%ftX$PjLSCJMt(<$eG?4K8MgI7GAN#VbE2{)D6`*5OJVClw+T| z6Qqg4rF8LdmlRSoz+g>esq%X=an0IuTp}9P6)&9l&zX7aHgV4Rl`g%50=c7kEc@v}cKvlN$JE z0lh4RC=yZ%%<>Q%);z&w7%A|0YPLL45uAp$EO+p;!IXH~SHMzuaJ1T`m8%Wsa%e31 z>bj$hSVBy;*178GjkSwZt{P243!i|$9xyXKJdD6UodzI)KAtZH6@`a8t9?oW~89Q zb>cJe5oh-QBm!_=)BEpLhgZLd?@$<`Hj-(zh|5e73;Wk~Uh3)S%=s?6O6PVtAkBq7 d7<{~9SWp?=f9q*zvY2E*2zm~3PrrV#(SgAc&*}gG literal 1045 zcmV+w1nT<$M@dveQdv+`01O#;{ z;4kx(jIs2c9#>TOEPDhK%b)S8)Ug**gLnL>u+6T-pk&e3v;1*Ld$I6Z4#7;$$YT7< z?xJIdV$ctO2Ng-?6v)_tJICQ-4R)XfD#|JO0s!7pKESu`E8QOoG>glf(3vgx1e{+- z<}R_$Y~Y{!H`YA#fqG|Fl8w>Gv}6YuCi{2r=eB?YZo7;ooSzcRw?cPb{50z4N70yG z#Oi2yn9Lmzph9KWje&YrQFG#erW0y}GDv^j-g*+nQe?J@4$n)8lt6<4HK zTqCim1ufnlaj}k$a2b5ZNvC7L@YPk{V4>_W>!U@?F*HAJ%W%{B+uKnB2i!&Gv z?G(vcdq~c&k4`;$Fg1N%2#Op@LAB;Z5Gt0>as-SMqax#y{K@{50*0a#Y@hg)6e@Y@ zWd6p-1qmcMJc#O{Ww-eM7jd{Ay-3n-S%X4kyb%7efa*3ziO0o}R)Vt=TtUb|>tH!z zKE7{slrxSO;orq?|L$DrKh#ghR_&$k;GF$=ZJ@AkXa|zoS3$HZ`!?k9k|PQ=nOdAZyr~xY*e{fk#lN`5+lxGEo6%q1yCH{O9;{p}1s^6a z{$PwwZ#YC2W&N_*HJi}w4#!HeUyIhg zjJeE2ZA zGY%hL4FmduyY;i~f@N{EeE8Fl`nUw#KZ8`Xv;v^w+lv9vI#~ zNbdW!?XP&wT8k?xrX4ZFenLrh-MA}o3cm3f z-5kSrirpy{s5S;LPu1Zh_u6gB=5MZEKzS>1Y7{;Msp1U(OR>OLu!AclA*9r7CM9;C zad0$}uliVsY|k_nw@1h&!ZM&j(NZ^6;Mx-On?~L?-Fwn=hq;^)k~g4~Y~6fUU1A&) z7_q|<=Dxm~gvXJ~2h}Jc)on(O!6jQosoV}}ij|*j%GLW$IFAM~w7U04Teivk`ZsJ2 P2I(e`@M~p?ZXbK-?Z*p_ diff --git a/config/hosts/grondahl/services/acme.nix b/config/hosts/grondahl/services/acme.nix index a69f94e..076f91c 100644 --- a/config/hosts/grondahl/services/acme.nix 
+++ b/config/hosts/grondahl/services/acme.nix @@ -4,11 +4,6 @@ security.acme = { acceptTerms = true; email = "admin+certs@anarkafem.dev"; - certs."anarkafem.dev" = { - extraDomainNames = [ "*.anarkafem.dev" ]; - dnsProvider = "hurricane"; - credentialsFile = config.secrets.files.acme_anarkafem_dev.file; - }; }; } diff --git a/config/hosts/grondahl/services/nginx.nix b/config/hosts/grondahl/services/nginx.nix index 9d2edcd..2195ebe 100644 --- a/config/hosts/grondahl/services/nginx.nix +++ b/config/hosts/grondahl/services/nginx.nix @@ -2,7 +2,7 @@ imports = [ ../../../common/services/nginx.nix ]; services.nginx.virtualHosts = { "anarkafem.dev" = { - useACMEHost = "anarkafem.dev"; + enableACME = true; forceSSL = true; locations."/".root = "/var/www/anarkafem.dev/public"; locations."/_matrix/".proxyPass = "http://127.0.0.1:8008"; @@ -21,12 +21,12 @@ }; }; "cal.anarkafem.dev" = { - useACMEHost = "anarkafem.dev"; + enableACME = true; forceSSL = true; locations."/".proxyPass = "http://127.0.0.1:4000"; }; "auth.anarkafem.dev" = { - useACMEHost = "anarkafem.dev"; + enableACME = true; forceSSL = true; locations."/".proxyPass = "http://127.0.0.1:9000"; }; diff --git a/config/hosts/wind/data/secrets/acme_graven_dev.env b/config/hosts/wind/data/secrets/acme_graven_dev.env deleted file mode 100644 index cd4a5e26fb592967a6c54cfbb405f6d7c203eb6e..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 117 zcmV-*0E+(rM@dveQdv+`06`EGqSsoQfxi2}`l*=dm3P5Jh0t=IxLlw;Ai2@GVQ6#) z%jtv&SsZ^%wZA64Y-mdz5==jJ_UD1=sK;zBrUQn93iF$K9C_5H*1knVo3Z?tPODMc-ij#aTY ze0@6dPUVv34Z@Qwm^_W;_TUVV;`P3eM`)461hMmBcEAk8n2y-%F5&@he*JmbxY_6P Wz*+5fiS8M((C<(?(YP*Tk(K4@**)R_ 
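Review bot: Each `enableACME = true` in these two hunks (`anarkafem.dev`, `cal.anarkafem.dev`, `auth.anarkafem.dev`) requests a separate certificate for that exact hostname, so every name is published in Certificate Transparency logs, where the wildcard previously kept subdomain names out of them. Issuance also presumably moves from the DNS challenge configured in the removed `certs` block to the HTTP challenge, so port 80 has to stay reachable on this host for renewals; neither dependency is recorded in the file. I would add a comment above `services.nginx.virtualHosts`, for example `# Per-host ACME certs: names are public in CT logs; renewal needs inbound port 80.` The same applies to the hunks in `config/hosts/wind/services/nginx.nix`, which list `vault.`, `git.` and `tor.graven.dev`. The enclosing attribute set starts and ends outside both hunks.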
diff --git a/config/hosts/wind/data/secrets/secrets.nix b/config/hosts/wind/data/secrets/secrets.nix index 5592aaf52288f4f30d9c3f15c700d2555915670c..815cba8d9dc5b16e1144e704fa5104a41c342684 100644 GIT binary patch literal 866 zcmV-o1D*T;M@dveQdv+`0Gk38$taQ&gJwm$AsPC=woE}skh{{=W||)sR<#xnVa=4! zOjsohg>NQ$ah_Ee0C+6txcB( z&^m`6xai;#8PZdYNcDJPHJ)-OkH-KD7z;q-q)CK+_IfrR6HG+I9~)3!2imGkhBHlK zr1iGD<7yums_E;muN6wtU?j*`KT5hraonbJc)H7qj6Wn)?W5C1`~2h^)eWfVD?b-; z6VTE2b!qha*o_zwd#|~P_hQ!d9R{ks>RXA&!;ZMCh69kV17R&%A&Vo*)=12-4-^+u za{FDm8^&SA%F8&F8K)ize+wAhkOuw9r5H*oOM+G6hB{eQx1t)YPp-&p4DTBQn$!k= zQorfT<%x{f&L;I#rzyjS=kOL!9xTOx3@%t;DtRH~`_TX??3g9Cd7OGr0&hPDM@RM4 zb0Fu6J*3B6!8ckD=wK+U%H7>sig}Ja4zzVGHhNbz?&K~u8eFxky`D~m)iU`k#WHn} zGuavnyj*%R#jkB95I^Vp?k$y`(|V@IToeSYQ^kd1XL6WtPlMZH2fz%n7aLymtQ#xNjat54Q| zzjfveyOsJ7g4X0eB;kI=Rh&%ZPn;^se%=qE8ETC&L8?)S!!awj`UjW<$h1`n{DUj# z32SU)a?}~Jee+Gu%t#_55v;EjbOvJhrPkfYJV&6-xhv|qjEYqAI2x|-DI@(X!h@{e zVv4j{^zvPuWn*Hgv@j1xldl;Mhc?FfVyIm&**ClEngI_aS~M{}wHJ6+Um}_RiV#-A z+;mRPF+=HhTT>8OBO-7Ny~|sSjUVl`?bi^sKVER~s8kpBE{{{pLpKBNk8mj~MydQU z8E|?ttkgDnf4U%2jI9#@SaAH!wVn2payE3hTk`1Jm%&U-aEKnDYV)&@HCNI9R|8g| z@N%1o^I8+A#n>2^K;JL%N?5B>-LI@^+N;jtFx44NDPoV$NL^1_jb} s-+$0%Z=i^O_#l6ivC2;-3y{0VYe5WMKlW!sM_;=GsyOnUjKure#|R~w00000 literal 1030 zcmV+h1o`^_M@dveQdv+`0NT)*bSL{?=g|uNyFL18VNEOu9L-MpO81{_?ErQt^44oE z-sqZGA+bD#8-?U4*OGxh=gJz7-~sbdLMGbYhC>m>(^Z5k77Qu-+oosj4p59A5t!Z^ zG)`vBa(*cvb=08kxbATFQZ$L!jJoGz`{*;~QZ1E8Fpced&U$tuk{>$2>B!fuA9*;Y zrPTc!X!q1Oy0jo}AZ&QP{g@>y8~eQQg=L8c%x>T{%#Ouw=V-%fKE?xPuOjff1vU#; z_Y(^iSod}WzzvK2voFxnY90KXd=sNVeu);2<1Cd8YnWS#pIYnE_#-i}gLT?~n_drn zTy8(O3gAV=#y`IdJQ8i}RV@{CkabYtg1z@XC$~2SFUfK>fux2b>)1EkA#1#`tFhYC zBH4ts7Sn04?eZ}<*j+Q|u^T*0o_%Hb1bT)O?TIFs7hzQe(tu^{&*x&~%ZDP+l&cYr zt4eRgiy&n(HELyl;gG0bSSYLWqGem(Km*<2KuUEnX<*>Wy`HE&rtMss6EV_1<AxcMA@jyUxj%Li|shs4C0>mVMR6}N9sdV)bWxqxYAMxY- zS^!!%4bOPpG1mhGP&)?ljJ22!-*cAUqYp>4y`&_#X@JNfhHQIeywQ3Lo8x_Naw1z) zs_$;t93@&PNri&&=f7X|BA^)(C|~gM%P1FJls!kINV{ENu2zDtbUNH$%AD 
z^X7XJ;_CPS0$DCp0_@jlvJn+}cZ5&*g+&m#biVAvs>zN4lQ))q7_>*ey)MZYsKz3u ztVn0o$U>u&xBCku-E<9hf0v&^Pe&KqWV(koSnJCn8arez<&VCNYBR)bxYJz<{9 diff --git a/config/hosts/wind/services/acme.nix b/config/hosts/wind/services/acme.nix index 862d516..62ae467 100644 --- a/config/hosts/wind/services/acme.nix +++ b/config/hosts/wind/services/acme.nix @@ -4,18 +4,6 @@ security.acme = { acceptTerms = true; email = "admin+certs@graven.dev"; - certs = { - "graven.dev" = { - extraDomainNames = [ "*.graven.dev" ]; - dnsProvider = "hurricane"; - credentialsFile = config.secrets.files.acme_graven_dev.file; - }; - "graven.se" = { - extraDomainNames = [ "*.graven.se" ]; - dnsProvider = "hurricane"; - credentialsFile = config.secrets.files.acme_graven_se.file; - }; - }; }; } diff --git a/config/hosts/wind/services/nginx.nix b/config/hosts/wind/services/nginx.nix index e219049..a440332 100644 --- a/config/hosts/wind/services/nginx.nix +++ b/config/hosts/wind/services/nginx.nix @@ -2,7 +2,7 @@ imports = [ ../../../common/services/nginx.nix ]; services.nginx.virtualHosts = { "graven.dev" = { - useACMEHost = "graven.dev"; + enableACME = true; forceSSL = true; locations."/".root = "/var/www/graven.dev/public"; locations."/_matrix".proxyPass = "http://127.0.0.1:8008"; @@ -21,17 +21,17 @@ }; }; "rss.graven.dev" = { - useACMEHost = "graven.dev"; + enableACME = true; forceSSL = true; }; "git.graven.dev" = { - useACMEHost = "graven.dev"; + enableACME = true; forceSSL = true; locations."/".proxyPass = "http://unix:/run/gitea/gitea.sock:"; }; "vault.graven.dev" = { forceSSL = true; - useACMEHost = "graven.dev"; + enableACME = true; locations."/" = { proxyPass = "http://localhost:8812"; proxyWebsockets = true; @@ -47,7 +47,7 @@ }; "openpgpkey.graven.dev" = { forceSSL = true; - useACMEHost = "graven.dev"; + enableACME = true; locations."/" = { root = "/var/www/openpgpkey"; extraConfig = '' 
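Review bot: Replacing `useACMEHost = "graven.dev"` with `enableACME = true` here stops nginx from using the wildcard certificates, but nothing in the commit retires them: a certificate already issued for `*.graven.dev` or `*.graven.se` stays valid until it expires, and its private key presumably remains in the ACME state directory on the host. The DNS credential files deleted earlier in this patch (`acme_graven_dev.env`, `acme_graven_se.env`, and `acme_anarkafem_dev` on grondahl) also remain retrievable from repository history, so the tokens they held should be rotated or deleted at the DNS provider rather than only removed from the tree. I would record this next to the vhosts until it is done, for example `# TODO: revoke old wildcard certs and rotate the hurricane DNS tokens`. The attribute set these hunks edit continues outside the visible lines.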
@@ -63,7 +63,7 @@
 };
 "openpgpkey.graven.se" = {
 forceSSL = true;
- useACMEHost = "graven.se";
+ enableACME = true;
 locations."/" = {
 root = "/var/www/openpgpkey";
 extraConfig = ''
@@ -79,7 +79,7 @@
 };
 "tor.graven.dev" = {
 forceSSL = true;
- useACMEHost = "graven.dev";
+ enableACME = true;
 locations."/" = {
 root = "/var/www/tor";
 extraConfig = ''