From c3a2c54b130e56523d520b1b297cbff5bbab4da9 Mon Sep 17 00:00:00 2001
From: Giulio De Pasquale <git@depasquale.giugl.io>
Date: Wed, 4 Jun 2025 12:44:39 +0100
Subject: [PATCH] fix(acme): switch to cloudflare

---
 roles/acme.nix         | 12 ++++++------
 secrets/cloudflare.age | 28 ++++++++++++++++++++++++++++
 secrets/ovh.age        | 29 -----------------------------
 3 files changed, 34 insertions(+), 35 deletions(-)
 create mode 100644 secrets/cloudflare.age
 delete mode 100644 secrets/ovh.age

diff --git a/roles/acme.nix b/roles/acme.nix
index c072c02..fe60ecb 100644
--- a/roles/acme.nix
+++ b/roles/acme.nix
@@ -4,22 +4,22 @@ let
   giuglioDomain = "giugl.io";
 in
 {
-  age.secrets.ovh = {
-    file = ../secrets/ovh.age;
+  age.secrets.cloudflare = {
+    file = ../secrets/cloudflare.age;
     owner = "acme";
   };
   security.acme = {
     acceptTerms = true;
     certs.${giuglioDomain} =
       {
-        dnsProvider = "ovh";
-        environmentFile = config.age.secrets.ovh.path;
+        dnsProvider = "cloudflare";
+        environmentFile = config.age.secrets.cloudflare.path;
         extraDomainNames = [ "*.${giuglioDomain}" ];
       };
     defaults = {
       email = "letsencrypt@depasquale.giugl.io";
-      dnsProvider = "ovh";
-      environmentFile = config.age.secrets.ovh.path;
+      dnsProvider = "cloudflare";
+      environmentFile = config.age.secrets.cloudflare.path;
     };
   };
 }
diff --git a/secrets/cloudflare.age b/secrets/cloudflare.age
new file mode 100644
index 0000000..801c293
--- /dev/null
+++ b/secrets/cloudflare.age
@@ -0,0 +1,28 @@
+age-encryption.org/v1
+-> ssh-rsa QXZdow
+pLJHkOUl7t8yhuq+vytj+LHENNT71NJH/gS4cEMNhEkzZjc8ScSrhVgLl/TMGImh
+cb6yfRIccymVLL8gdXitIAk1srZjuwiZrFK4Ril/x8RKfV50GrHDMf+8Os3QNE05
+VprnYCbyKj05+/fHSSUDnQmAAe7wvi4iA2Aa5E4DWE7t+QcMB5epPMBdJoWX6ELS
+cYI7nDu32AIkYCODht9B5SChbwHACLqqG8CV5N2TfRBi6v7R2FaLhbbRvdAIQWQc
+x2TGI1utRURtxgs/WhQ6Sco1QNrIEO89a/78OGxrIT/PMAukvx2J2WG6iH/2LgX0
+H39680n3/YTTmL4OMWW+hKlzv4tdBsbgjR0sKRI/OzDrn/s0ZzA1JACwUn2ndOS/
+0EcvW5VLLd2PHvwABm2Biw7mhilC4D6d9YZu/9uFbmPCzlXO3zmeeSnw630gDWxX
+CRTEQMNE7+cdQy8j/upDBQOBnSSgmBMriuklsgcPZGnTkxWM7b9NOAeXavTucXhD
+9PART4hQomlvGBzKM6Ien9kgeDG9OA9WkM+2rvLWQLDy3T9Qo37d/4qLg3sPNr4M
+NUUSKRQKnA7i126ZrX/mUxcp3kJkCAsMX4GF6VMVobXshCSHqKhEWKwHuyPWI4rn
+gHUqvSMKDujkA6v+9UaZESQt8jKl+N44MDUMdfYwPyE
+-> ssh-ed25519 7eGqHw WIUvcH8xsrI0AcutXKxwhbrZifrb8vntIWCGDUW3qiI
+3IuBdZRAGA/nfEuakP2/E+QA07jBJjBlNtotGLZlkZQ
+-> ssh-rsa tO3rGg
+DOBhMzioILjlrOAdycMzSwDxgww5p8QAlV/L7ECBrBFscoWageW4GOyZVjtE/7Ot
+beG59oP8ra4lczXfPSOtY2qz8pN59vqw3WqG3TPMvR8xZDslVXE8nubfkoUohsG8
+1ZibaP/ygQSYHUfnLzebYBhk1N4u6jeIcxJXgTLhWLlvkv9+AKAcoHhSWVbKMbz+
+i8WLECJHuOeR43hJxuxvkPTWsu6HUB+yXT1J+dPcIe9W20CqX+CN0pjwSUJu0T0A
+tZf2NfkYmFnho2IEdxdKnGRDE2lvQmZjf1oQn7GWFqywlVB3eCOR6K/s1Tb4I2W1
+wybLuEndQBnUsUDQVs34OeN/5L3Pw40zksFSSVe3Fu5XxmWl1WemGWp1/jB7j6u7
+7bnOlAMUzpqQ9yom0oxXYwEC9pUtqPwYGKeAV9o5U3vVXMDWtEXXMCe0oDjJY8js
+e5xSOuaMi9CcVkU+HyjrEgw0uS4ymDWVghT4IVl8zNWeare5ALMcR/290xffaQyg
+
+--- DIW17nFtjI4Oo+Qoi0YzeLH8A6IVAQwhtELkXWWhtwo
+D*;ôCxAuçdrß¾ö0ð£ú1Ldæoòr´&JL4WíÌ!‚²=ê7:pÀØí*ûpVÙK³,0®rÎ»âãu¼¡ã­‹¶óWEâ{£q½7,Ôßÿk“¾²ºÎàäxÔ+^xDâº0g“K,ª(zØwáCË˜þ è{d}-FÜ
+õËþ¦TÌÍA„
\ No newline at end of file
diff --git a/secrets/ovh.age b/secrets/ovh.age
deleted file mode 100644
index 5a60fe0..0000000
--- a/secrets/ovh.age
+++ /dev/null
@@ -1,29 +0,0 @@
-age-encryption.org/v1
--> ssh-rsa QXZdow
-aYgowxTfdGOqTYOZBbkg/dH7f+m6nvVF/8qZX0DE4hazln/QS9maWbkOwD7FLldm
-HRNV/YwZZEhbujHbDqgxnXk7Q11KOA72864B6mF2VZUruyo0cnACqo7OyzwApqv/
-+LPjGb9h/gCJpQ3a5Jdh202FfaNGAh358fZVDyd37XPSOykiIAAxgMlDyn+96OiM
-P2vsyduWXDsqzCqtiNQrKVjryI5CIGOTAcYTgQ35S3uXFD8Gu27KfagUwZp2hdyp
-3WmGl+ZTrPNdOwzLWGj/RXaeTslABn1Owmq1naASRvJpp97ToynRzkDA50rBqUyR
-vGVB9IJxSjkSm3BJ4UAI6rpoz/6t2jkfNNE1cPix4AYjPAMyU+uiUSaZ/UBkwlXw
-08rM1eGcBaErB1ExcDV5+jUCdJBfi6Q9vIG7Ty4wbN1PfztAhzEyzT0L1bTn1AKC
-4S9n5lqFa1CdraK9eh2A+o9CNlkta+Z24ctPTVqBYtImBTKHOTofhr0omQdFV6M2
-bhxsOoAAoNhwn/lWC2fAcgfPQrUOW524+eHyPjsvf4rNNv0bk5EP1J4vMrWr9rqJ
-v5GEQ77YVXYQthiyg74XYc3Eo8sbtE+ncDoOquzdT385POd870qi1ht+JMY6OEmj
-q8lxVau2SFTKPkkmZKmtoNrYdKp5+DsB3nOUKcIXofs
--> ssh-ed25519 7eGqHw cCrhq1kfav4TYAUOpP4O6fQ958O37Uad2jX9SUrnxn4
-TSiMyrYsdblB5SFwZpw7HhmicWX1vNomhBP4HtlvHJo
--> ssh-rsa tO3rGg
-J6oPMt6hiry6ks3hlAjUAY1AzEYU+7voto5XC+I6Fmyfabz9zaJ3TtbCPVF5BRNR
-DOYLiD24EbcVoqECn2A2MRK1xH4owBD5YaE3Il2NwSJHhC+ZhROaMTu5mHxbzK/u
-BF2MLRZ0Bwwq4szaHoFf12TFwNtIRZXS9m6l4jHdsxWj6x0iui18p3JLxij1cVwE
-03rSWz+9c8bpZ6LHuPJAhatBZHSZwkKwH8Dn8NOxCLmVNRM4PyvJsj9lRn7fMwRY
-64QI2z6bRAry6oINbVAAOsPlM0Ix+7hbFs/UstnENFqfcDvPzrrhALDhuDLIJpGu
-WgAaMStZGjydy0oqHJceuduxVreqTlfiki7yruRFqRBgjMopwOsw5i9UPWR6SZ+E
-cUCFeEynUMrmFSp5qvDX0WtkU2G/GRFEPaB+k+UN+JduIRb2RBCLt2uG0249TwO8
-T4sq098XTM8wARgOv6n51lHFCPpM3iSbP5KMCYH9FhsJV0Qu9Q7157McNZuVL9Ie
-
---- KYLAPCcTkg/tF2c2ni4UaBTV5AhUleg8GgJH0oRQSK0
-½;¬jŒaç¾„ïÓÄ5`hÂŒø»æy;JúãÈå³C¢µ‡£ÏwX:eßøw³ù»ÜH
-Lhe’­jCÓ2¨ì"#Ëµ„=Î/Ç²ˆ1ÒÅÿ¼™^Nû$ÃéM·úqN…v1µØÁ–Ç”ç¸T¦ÌñÙ—Ç0FsÕ(WeõöË…¡˜Ý8|^‹iYFQæ3œ ¡Õ­
-A¤1­ïEÜÂÚM_=;•¸‚×jFÜVý[Ýät°¬{©w×…ÊÖ)
\ No newline at end of file