From 3ed18d33fc0a318854363c81bb0b65f451dfeffa Mon Sep 17 00:00:00 2001
From: Emelie
Date: Thu, 23 Sep 2021 09:08:09 +0200
Subject: [PATCH] switch to wildcard certs
---
 config/hosts/wind/services/acme.nix | 17 +----------------
 config/hosts/wind/services/coturn.nix | 4 ++--
 config/hosts/wind/services/nginx.nix | 6 +++---
 3 files changed, 6 insertions(+), 21 deletions(-)
diff --git a/config/hosts/wind/services/acme.nix b/config/hosts/wind/services/acme.nix
index 8346c2a..a4d02ad 100644
--- a/config/hosts/wind/services/acme.nix
+++ b/config/hosts/wind/services/acme.nix
@@ -5,25 +5,10 @@
 acceptTerms = true;
 email = "admin+certs@graven.dev";
 certs."graven.dev" = {
+ extraDomainNames = "*.graven.dev";
 dnsProvider = "hurricane";
 credentialsFile = config.secrets.files.acme_graven_dev.file;
 };
- certs."turn.graven.dev" = {
- dnsProvider = "hurricane";
- credentialsFile = config.secrets.files.acme_turn_graven_dev.file;
- };
- certs."rss.graven.dev" = {
- dnsProvider = "hurricane";
- credentialsFile = config.secrets.files.acme_rss_graven_dev.file;
- };
- certs."git.graven.dev" = {
- dnsProvider = "hurricane";
- credentialsFile = config.secrets.files.acme_git_graven_dev.file;
- };
- certs."vault.graven.dev" = {
- dnsProvider = "hurricane";
- credentialsFile = config.secrets.files.acme_vault_graven_dev.file;
- };
 };
 }
diff --git a/config/hosts/wind/services/coturn.nix b/config/hosts/wind/services/coturn.nix
index 7eb1b83..e4f25e3 100644
--- a/config/hosts/wind/services/coturn.nix
+++ b/config/hosts/wind/services/coturn.nix
@@ -17,8 +17,8 @@
 no-multicast-peers
 ";
 secure-stun = true;
- cert = "/var/lib/acme/turn.graven.dev/fullchain.pem";
- pkey = "/var/lib/acme/turn.graven.dev/key.pem";
+ cert = "/var/lib/acme/graven.dev/fullchain.pem";
+ pkey = "/var/lib/acme/graven.dev/key.pem";
 min-port = 49152;
 max-port = 49999;
 };
diff --git a/config/hosts/wind/services/nginx.nix b/config/hosts/wind/services/nginx.nix
index 6e9b122..5bfb6fb 100644
--- a/config/hosts/wind/services/nginx.nix
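Review bot: `extraDomainNames` on the added line in acme.nix is given a bare string, but the NixOS ACME module declares that option as a list of strings, so this should fail option type-checking at evaluation time; write it as `extraDomainNames = [ "*.graven.dev" ];`. The four removed per-host entries each referenced their own `credentialsFile` secret (`acme_turn_graven_dev` and the others); if those secrets are still defined elsewhere in the repository, they and the DNS update keys behind them are now unused and are worth deleting and revoking rather than leaving live. A one-line comment above the entry, such as `# wildcard covers turn/rss/git/vault; issued via DNS-01`, would also record why a single certificate now serves every service on this host.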
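Review bot: Pointing `cert` and `pkey` at `/var/lib/acme/graven.dev/` in coturn.nix gives the coturn process read access to the wildcard private key, so a compromise of the TURN daemon would expose a key valid for every `*.graven.dev` name rather than only `turn.graven.dev`; the same key is shared with the rss, git and vault virtual hosts in the nginx.nix hunk. Keeping a dedicated `certs."turn.graven.dev"` entry for coturn would confine that exposure to the TURN hostname. If the shared certificate stays, confirm that the `graven.dev` certificate's group lets the coturn user read `key.pem` and that coturn is restarted or reloaded when the certificate renews; neither setting is visible in this patch. The settings block that encloses these lines starts before the hunk.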
+++ b/config/hosts/wind/services/nginx.nix
@@ -60,17 +60,17 @@
 };
 };
 "rss.graven.dev" = {
- useACMEHost = "rss.graven.dev";
+ useACMEHost = "graven.dev";
 forceSSL = true;
 };
 "git.graven.dev" = {
- useACMEHost = "git.graven.dev";
+ useACMEHost = "graven.dev";
 forceSSL = true;
 locations."/".proxyPass = "http://unix:/run/gitea/gitea.sock:";
 };
 "vault.graven.dev" = {
 forceSSL = true;
- useACMEHost = "vault.graven.dev";
+ useACMEHost = "graven.dev";
 locations."/" = {
 proxyPass = "http://localhost:8812";
 proxyWebsockets = true;