6 files changed, 107 insertions, 7 deletions

diff --git a/theos/certs/gallery_remmy_foo.sls b/theos/certs/gallery_remmy_foo.sls
new file mode 100644
index 0000000..a417240
--- /dev/null
+++ b/theos/certs/gallery_remmy_foo.sls
@@ -0,0 +1,28 @@
+include:
+  - nginx
+
+gallery.remmy.foo:
+  acme.cert:
+    - email: johannes@kyriasis.com
+    - webroot: /srv/http/
+    - keysize: 4096
+    - renew: 30
+
+    - watch_in:
+      - service: nginx_service
+    - require_in:
+      - service: nginx_service
+
+gallery-static.remmy.foo:
+  acme.cert:
+    - email: johannes@kyriasis.com
+    - webroot: /srv/http/
+    - keysize: 4096
+    - renew: 30
+
+    - watch_in:
+      - service: nginx_service
+    - require_in:
+      - service: nginx_service
+
+# vim: set ft=yaml et:
diff --git a/theos/certs/init.sls b/theos/certs/init.sls
index 82b7907..79b34de 100644
--- a/theos/certs/init.sls
+++ b/theos/certs/init.sls
@@ -1,16 +1,23 @@
 include:
-  - .kyriasis_com
-  - .theos_kyriasis_com
-  - .xan_kyriasis_com
+  - .actual_kyriasis_com
   - .git_kyriasis_com
-  - .taskd_kyriasis_com
-  - .miniflux_kyriasis_com
   - .grafana_kyriasis_com
+  - .kyriasis_com
+  - .miniflux_kyriasis_com
   - .prometheus_kyriasis_com
   - .repsys_kyriasis_com
-  - .remmy_io
+  - .taskd_kyriasis_com
+  - .theos_kyriasis_com
+  - .vault_kyriasis_com
+  - .xan_kyriasis_com
+
+  - .gallery_remmy_foo
+  - .remmy_foo
+
   - .gallery_remmy_io
-  - .actual_kyriasis_com
+  - .remmy_io
+
+  - .pie_in_the_sky_kitchen
 
 /etc/letsencrypt/archive:
   file.directory:
diff --git a/theos/certs/kyriasis_com.sls b/theos/certs/kyriasis_com.sls
index 68bb7ab..b2f0ca0 100644
--- a/theos/certs/kyriasis_com.sls
+++ b/theos/certs/kyriasis_com.sls
@@ -3,6 +3,8 @@ include:
 
 kyriasis.com:
   acme.cert:
+    - aliases:
+      - www.kyriasis.com
     - email: johannes@kyriasis.com
     - webroot: /srv/http/
     - keysize: 4096
@@ -27,4 +29,14 @@ kyriasis.com:
     - group: synapse
     - mode: 600
 
+prosody-access-kyriasis.com-cert:
+  acl.present:
+    - name: /etc/letsencrypt/archive/kyriasis.com/
+    - acl_type: user
+    - acl_name: prosody
+    - perms: r-x
+    - recurse: True
+    - require_in:
+      - acme: kyriasis.com
+
 # vim: set ft=yaml et:
diff --git a/theos/certs/pie_in_the_sky_kitchen.sls b/theos/certs/pie_in_the_sky_kitchen.sls
new file mode 100644
index 0000000..79182b1
--- /dev/null
+++ b/theos/certs/pie_in_the_sky_kitchen.sls
@@ -0,0 +1,18 @@
+include:
+  - nginx
+
+pie-in-the-sky.kitchen:
+  acme.cert:
+    - aliases:
+      - www.pie-in-the-sky.kitchen
+    - email: johannes@kyriasis.com
+    - webroot: /srv/http/
+    - keysize: 4096
+    - renew: 30
+
+    - watch_in:
+      - service: nginx_service
+    - require_in:
+      - service: nginx_service
+
+# vim: set ft=yaml et:
diff --git a/theos/certs/remmy_foo.sls b/theos/certs/remmy_foo.sls
new file mode 100644
index 0000000..588c05d
--- /dev/null
+++ b/theos/certs/remmy_foo.sls
@@ -0,0 +1,18 @@
+include:
+  - nginx
+
+remmy.foo:
+  acme.cert:
+    - aliases:
+      - www.remmy.foo
+    - email: johannes@kyriasis.com
+    - webroot: /srv/http/
+    - keysize: 4096
+    - renew: 30
+
+    - watch_in:
+      - service: nginx_service
+    - require_in:
+      - service: nginx_service
+
+# vim: set ft=yaml et:
diff --git a/theos/certs/vault_kyriasis_com.sls b/theos/certs/vault_kyriasis_com.sls
new file mode 100644
index 0000000..ae7dfca
--- /dev/null
+++ b/theos/certs/vault_kyriasis_com.sls
@@ -0,0 +1,17 @@
+include:
+  - nginx
+
+vault.kyriasis.com:
+  acme.cert:
+    - email: johannes@kyriasis.com
+    - webroot: /srv/http/
+    - keysize: 4096
+    - renew: 30
+
+    - watch_in:
+      - service: nginx_service
+    - require_in:
+      - service: nginx_service
+
+
+# vim: set ft=yaml et: