some acme changes

modules/services/adguard.nix

@@ -18,6 +18,11 @@ in {
       default = true;
       description = "use https for the adguard instance";
     };
+    acme-url = lib.mkOption {
+      type = lib.types.str;
+      default = "https://127.0.0.1:8443/acme/kop-acme/directory";
+      description = "acme url for the adguard instance";
+    };
   };
   config =
     let
@@ -28,14 +33,12 @@ in {
       networking.firewall.allowedTCPPorts = [ 53 ];
       networking.firewall.allowedUDPPorts = [ 53 ];
 
-      security.acme.certs."${cfg.fqdn}".server =
-        "https://127.0.0.1:8443/acme/kop-acme/directory";
+      security.acme.certs."${cfg.fqdn}".server = cfg.acme-url;
       # nginx reverse proxy
+      services.nginx.enable = true;
       services.nginx.virtualHosts.${cfg.fqdn} = {
         forceSSL = cfg.useHttps;
         enableACME = cfg.useHttps;
-        quic = cfg.useHttps;
-        http3 = cfg.useHttps;
         locations."/" = {
           proxyPass =
             "http://127.0.0.1:${toString config.services.adguardhome.port}";

modules/services/step-ca.nix

@@ -43,13 +43,14 @@ in
     owner = "step-ca";
     group = "step-ca";
   };
+  networking.firewall.allowedTCPPorts = [ 8443 ];
   services.step-ca = {
     enable = true;
-    address = "127.0.0.1";
+    address = "";
     port = 8443;
     intermediatePasswordFile = config.age.secrets.step-ca-pw.path;
     settings = {
-      dnsNames = [ "localhost" "127.0.0.1" "*.home.arpa" ];
+      dnsNames = [ "localhost" "127.0.0.1" "*.home.arpa" "192.168.0.10" ];
       root = pkgs.writeTextFile {
         name = "root.ca";
         text = root_ca;

systems/amd-server/configuration.nix

@@ -17,6 +17,7 @@
     nftables.enable = true;
     cli-tools.enable = true;
     virt-manager.enable = true;
+    static-ip.ip = "192.168.0.20";
     nix = {
       index.enable = true;
       ld.enable = true;
@@ -29,17 +30,22 @@
       wooting.enable = true;
     };
     services = {
+      acme.enable = true;
       smartd.enable = true;
+      #adguard = {
+      #  enable = true;
+      #  acme-url = "https://192.168.0.10:8443/acme/kop-acme/directory";
+      #};
     };
     graphical = {
       audio.enable = true;
       sddm.enable = true;
-      nightlight.enable = true;
-      i3.enable = true;
+      #nightlight.enable = true;
+      #i3.enable = true;
       xfce.enable = true;
       shared.enable = true;
-      games.enable = true;
-      basics.enable = true;
+      #games.enable = true;
+      #basics.enable = true;
     };
   };
   mainUser.layout = "de";
@@ -59,6 +65,22 @@
     };
   };
 
+  security.pki.certificates = [
+    ''
+      -----BEGIN CERTIFICATE-----
+      MIIBjTCCATKgAwIBAgIRAMVH2+JHZ3wm2fLUlKjTYDswCgYIKoZIzj0EAwIwJDEM
+      MAoGA1UEChMDS29wMRQwEgYDVQQDEwtLb3AgUm9vdCBDQTAeFw0yMzEyMDgxNDUx
+      MTZaFw0zMzEyMDUxNDUxMTZaMCQxDDAKBgNVBAoTA0tvcDEUMBIGA1UEAxMLS29w
+      IFJvb3QgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATdZBOkNynShXipzhuX
+      f6dUByD3chNupNWsagYC5AlPRJT9fAeHEIK/bxWkFwRtLBDopWvBu9lHahBgpHc7
+      y7rTo0UwQzAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBATAdBgNV
+      HQ4EFgQU9AVtwipW5HDBLfZRH1KZCnIKCfowCgYIKoZIzj0EAwIDSQAwRgIhAMHj
+      AipNdhQKIYPvMt/h1uW4xP3NTkitnmshM09+rIasAiEAlSalGddXDkqJBHhPD+Fr
+      gpuVkfVkA8gQCXNs5F9TnxA=
+      -----END CERTIFICATE-----
+    ''
+  ];
+
   services.xrdp.enable = true;
   services.xrdp.defaultWindowManager = "xfce4-session";
   services.xrdp.openFirewall = false;