From 4f3e6550727a555ee4d28bda46cdc89ce8386c27 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Wed, 3 Jul 2024 21:08:56 +0200 Subject: [PATCH] acme: switch to OVH API --- hosts/hades/secrets.nix | 4 ++-- modules/secrets/ovh/credentials.age | 7 +++++++ modules/secrets/secrets.nix | 2 ++ services/nginx.nix | 4 ++-- 4 files changed, 13 insertions(+), 4 deletions(-) create mode 100644 modules/secrets/ovh/credentials.age diff --git a/hosts/hades/secrets.nix b/hosts/hades/secrets.nix index 23b2cdb..55ec422 100644 --- a/hosts/hades/secrets.nix +++ b/hosts/hades/secrets.nix @@ -13,8 +13,6 @@ // attrs; in lib.mapAttrs toSecret { - "gandi/api-key" = {}; - "lohr/shared-secret" = {}; "matrix-synapse/secret-config" = { @@ -29,6 +27,8 @@ owner = "nextcloud"; }; + "ovh/credentials" = {}; + "paperless/admin-password" = {}; "paperless/secret-key" = {}; diff --git a/modules/secrets/ovh/credentials.age b/modules/secrets/ovh/credentials.age new file mode 100644 index 0000000..ab487ae --- /dev/null +++ b/modules/secrets/ovh/credentials.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 k2gHjw XED7gkKAp1ioBegA7ryqULRF1BORpW74esfIGp9zPE8 +ANxnQN+tox9KYdZvNZFZvQxOymckldPQMhFnz6fSIBo +-> ssh-ed25519 pX8y2g 9wgPqL6GoOxad5AAUmDAYj0h/57AEM8VsQKq1pGTtjM +SxD++XJioZLpt6C8Xse5Nmz4wtL0Fb5NKWo5ijKpyv8 +--- 3qOJnkY3Uc4fIex9mgz2+w+su5dS7K7Tmtk1hiqkn9M +XeaLQ H2*ZT P;(jC̀k viħk`]mB ,,?!{%e(Su-SD=H#q=U;=O G+_oP]RL$ֳ\0N!"&%N<,v1ʑj1 \ No newline at end of file diff --git a/modules/secrets/secrets.nix b/modules/secrets/secrets.nix index 34dc294..40ca77c 100644 --- a/modules/secrets/secrets.nix +++ b/modules/secrets/secrets.nix @@ -23,6 +23,8 @@ in { "nextcloud/admin-pass.age".publicKeys = [alarsyo hades]; + "ovh/credentials.age".publicKeys = [alarsyo hades]; + "paperless/admin-password.age".publicKeys = [alarsyo hades]; "paperless/secret-key.age".publicKeys = [alarsyo hades]; diff --git a/services/nginx.nix b/services/nginx.nix index 6781549..e17c29b 100644 --- a/services/nginx.nix 
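Review bot: The retired Gandi credential is only half removed: the diffstat shows no deletions in `modules/secrets/secrets.nix` and no deleted `.age` file, so the `gandi/api-key` ciphertext and its `publicKeys` entry (presumably still present outside this hunk) stay in the repository after `hosts/hades/secrets.nix` stops declaring the secret. I would drop both in this commit and revoke the Gandi API key at the provider, because the encrypted blob stays in git history and any key that was listed as a recipient can still decrypt it. The same applies in reverse to the new `"ovh/credentials.age".publicKeys = [alarsyo hades];` line: a short comment naming the consumer of the secret would make later recipient changes easier to review.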
+++ b/services/nginx.nix
@@ -66,8 +66,8 @@ in {
 gandiKey = config.my.secrets.gandiKey;
 in {
 "${fqdn}" = {
- dnsProvider = "gandiv5";
- credentialsFile = config.age.secrets."gandi/api-key".path;
+ dnsProvider = "ovh";
+ credentialsFile = config.age.secrets."ovh/credentials".path;
 group = "nginx";
 };
 };
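Review bot: The `gandiKey = config.my.secrets.gandiKey;` binding in the context lines just above the changed block looks like a leftover now that `credentialsFile` points at `ovh/credentials`. If nothing else in that `let` body uses it, remove it together with the `my.secrets.gandiKey` option so no reference to the old secret survives. A comment above `credentialsFile` stating what the file must contain would also help, e.g. `# env file for the ovh DNS provider: OVH_ENDPOINT, OVH_APPLICATION_KEY, OVH_APPLICATION_SECRET, OVH_CONSUMER_KEY`, along with a reminder that the consumer key should be limited to the DNS zone routes for this domain rather than the whole account. The enclosing `let … in` block starts and ends outside the hunk, so whether `gandiKey` is used elsewhere cannot be confirmed from here.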