nixos-config/config/services/acme.nix

{config, ...}: {
  security.acme = {
    acceptTerms = true;
    defaults = {
      email = "lotte@chir.rs";
      dnsProvider = "rfc2136";
      credentialsFile = "/run/secrets/security/acme/dns";
    };
    certs."darkkirb.de" = {
      domain = "*.darkkirb.de";
      extraDomainNames = ["darkkirb.de"];
    };
    certs."chir.rs" = {
      domain = "*.chir.rs";
      extraDomainNames = ["chir.rs"];
    };
    certs."int.chir.rs" = {
      domain = "*.int.chir.rs";
    };
    certs."shitallover.me" = {
      domain = "*.shitallover.me";
      extraDomainNames = ["shitallover.me"];
      dnsProvider = "gcloud";
      credentialsFile = config.sops.secrets."security/acme/gcloud".path;
      dnsResolver = "1.1.1.1:53";
    };
    certs."miifox.net" = {
      dnsProvider = "cloudflare";
      credentialsFile = "/run/secrets/security/acme/cloudflare";
      dnsResolver = "1.1.1.1:53";
    };
  };
  sops.secrets."security/acme/dns" = {};
  sops.secrets."security/acme/cloudflare" = {};
  sops.secrets."security/acme/gcloud" = {};
  sops.secrets."security/acme/gcloud.json".owner = "acme";
}
set up gcloud acme updates 2023-12-31 09:47:16 +00:00			`{config, ...}: {`
Add acme certificates 2022-01-14 16:44:25 +00:00			`security.acme = {`
			`acceptTerms = true;`
add a default block in the acme config 2022-01-14 17:03:14 +00:00			`defaults = {`
			`email = "lotte@chir.rs";`
			`dnsProvider = "rfc2136";`
			`credentialsFile = "/run/secrets/security/acme/dns";`
			`};`
Add acme certificates 2022-01-14 16:44:25 +00:00			`certs."darkkirb.de" = {`
			`domain = "*.darkkirb.de";`
reformat repo 2022-06-12 15:39:15 +00:00			`extraDomainNames = ["darkkirb.de"];`
Add acme certificates 2022-01-14 16:44:25 +00:00			`};`
			`certs."chir.rs" = {`
			`domain = "*.chir.rs";`
reformat repo 2022-06-12 15:39:15 +00:00			`extraDomainNames = ["chir.rs"];`
Add acme certificates 2022-01-14 16:44:25 +00:00			`};`
			`certs."int.chir.rs" = {`
			`domain = "*.int.chir.rs";`
			`};`
Add named on instance-20221213-1915 2022-12-14 17:02:17 +00:00			`certs."shitallover.me" = {`
			`domain = "*.shitallover.me";`
			`extraDomainNames = ["shitallover.me"];`
set up gcloud acme updates 2023-12-31 09:47:16 +00:00			`dnsProvider = "gcloud";`
			`credentialsFile = config.sops.secrets."security/acme/gcloud".path;`
specify dns resolver for shitallover.me 2023-12-31 10:34:20 +00:00			`dnsResolver = "1.1.1.1:53";`
Add named on instance-20221213-1915 2022-12-14 17:02:17 +00:00			`};`
fix: Add acme cert for miifox I thought this was automatic fix #45 2022-03-06 19:50:59 +00:00			`certs."miifox.net" = {`
			`dnsProvider = "cloudflare";`
			`credentialsFile = "/run/secrets/security/acme/cloudflare";`
			`dnsResolver = "1.1.1.1:53";`
			`};`
Add acme certificates 2022-01-14 16:44:25 +00:00			`};`
reformat repo 2022-06-12 15:39:15 +00:00			`sops.secrets."security/acme/dns" = {};`
			`sops.secrets."security/acme/cloudflare" = {};`
set up gcloud acme updates 2023-12-31 09:47:16 +00:00			`sops.secrets."security/acme/gcloud" = {};`
correct permission for gcloud.json 2023-12-31 10:07:22 +00:00			`sops.secrets."security/acme/gcloud.json".owner = "acme";`
Add acme certificates 2022-01-14 16:44:25 +00:00			`}`