nixos-config/config/services/acme.nix

32 lines
877 B
Nix
Raw Normal View History

2022-01-14 16:44:25 +00:00
{ ... }: {
security.acme = {
acceptTerms = true;
2022-01-14 17:03:14 +00:00
defaults = {
email = "lotte@chir.rs";
dnsProvider = "rfc2136";
credentialsFile = "/run/secrets/security/acme/dns";
};
2022-01-14 16:44:25 +00:00
certs."darkkirb.de" = {
domain = "*.darkkirb.de";
2022-01-14 16:45:35 +00:00
extraDomainNames = [ "darkkirb.de" ];
2022-01-14 16:44:25 +00:00
};
certs."chir.rs" = {
domain = "*.chir.rs";
2022-01-14 16:45:35 +00:00
extraDomainNames = [ "chir.rs" ];
2022-01-14 16:44:25 +00:00
};
certs."int.chir.rs" = {
domain = "*.int.chir.rs";
};
certs."miifox.net" = {
dnsProvider = "cloudflare";
credentialsFile = "/run/secrets/security/acme/cloudflare";
dnsResolver = "1.1.1.1:53";
};
2022-01-14 16:44:25 +00:00
};
services.nginx.group = "acme";
systemd.services.nginx.serviceConfig.ProtectHome = false;
sops.secrets."security/acme/dns" = { };
sops.secrets."security/acme/dns2" = { };
sops.secrets."security/acme/cloudflare" = { };
2022-01-14 16:44:25 +00:00
}