forked from Deuxfleurs/nixcfg
7e88a88e04
We were hitting Let's Encrypt rate limits because we were generating thousands of non-sense certificates like "foo.bar.baz.garage.deuxfleurs.fr" See https://crt.sh Subdomains of garage.deuxfleurs.fr only make sense when accessing buckets through S3 with vhost-style, so let's enable the on-demand-tls check to make sure that the bucket exists in Garage. In the long term, we might want to have a wildcard certificate for this usage, or simply stop supporting vhost-style S3 access. |
||
---|---|---|
.. | ||
app | ||
node | ||
site | ||
cluster.nix | ||
known_hosts | ||
register_external_services.sh | ||
secretmgr.toml | ||
ssh_config |