torjus/nixos-servers
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity

fixup! pki: add new vault root ca to pki
Some checks failed
Run nix flake check / flake-check (push) Has been cancelled
Details

Browse Source
This commit is contained in:
Torjus Håkestad
2026-02-03 05:16:22 +01:00
parent 01c825db62
commit ca6e91a0ab
1 changed files with 18 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
hosts/vaulttest01/configuration.nix
View File

@@ -105,6 +105,24 @@
}; };
}; };
# Test ACME certificate issuance from OpenBao PKI
# Override the global ACME server to use OpenBao instead of step-ca
security.acme = {
acceptTerms = true;
defaults = {
server = "https://vault01.home.2rjus.net:8200/v1/pki_int/acme/directory";
email = "root@home.2rjus.net";
dnsPropagationCheck = false;
};
};
# Request a certificate for this host
# Using HTTP-01 challenge with standalone listener on port 80
security.acme.certs."vaulttest01.home.2rjus.net" = {
listenHTTP = ":80";
enableDebugLogs = true;
};
system.stateVersion = "25.11"; # Did you read the comment? system.stateVersion = "25.11"; # Did you read the comment?
} }