forked from pub-solar/infra
teutat3s
9758aeda5d
CNAME records By usind wildcard CNAME records, we make lego think it needs to validate challenges using these CNAME records. We actually want regular _acme-challenge.* records, so use a environment variable to avoid CNAME detection. This fixes DNS cert renewal. Still curious? See: https://letsencrypt.org/2019/10/09/onboarding-your-customers-with-lets-encrypt-and-acme/ |
||
---|---|---|
.forgejo/workflows | ||
docs | ||
hosts | ||
lib | ||
logins | ||
modules | ||
overlays | ||
secrets | ||
terraform | ||
tests | ||
.editorconfig | ||
.envrc | ||
.git-blame-ignore-revs | ||
.gitignore | ||
CONTRIBUTING.md | ||
flake.lock | ||
flake.nix | ||
LICENSE.md | ||
README.md | ||
treefmt.toml |
The pub.solar infrastructure
This repository contains almost all of the configuration for the whole pub.solar infrastructure. Our goal is to have everything, from host configurations to Terraform DNS in this repository.
The architecture we are working towards is a vast simplification of what it was before: one dedicated Hetzner server running NixOS with all services. Offsite backups go to several different locations with restic.
Contributing
If you'd like to contribute, it makes sense to talk to the crew on Matrix via #hakken. We can help figuring out how things work and can make sure your ideas fit the pub.solar philosophy. Of course popping a pull request is always celebrated.
To start, check our contributing guide.