]> Git — Sourcephile - sourcephile-nix.git/blob - servers/mermet/acme/sourcephile.fr.nix
sourcephile / git / sourcephile-nix.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
acme: setup on losurdo too
[sourcephile-nix.git] / servers / mermet / acme / sourcephile.fr.nix
1 { pkgs, lib, config, ... }:
2 let
3 inherit (config.users) groups;
4 domain = "sourcephile.fr";
5 in
6 {
7 systemd.services."acme-${domain}".after = [
8 "unbound.service"
9 ];
10 security.acme.certs."${domain}" = {
11 email = "root@${domain}";
12 extraDomains = {
13 "*.${domain}" = null;
14 };
15 group = groups."acme".name;
16 allowKeysForGroup = true;
17 keyType = "rsa4096";
18 dnsProvider = "rfc2136";
19 credentialsFile = pkgs.writeText "credentials" ''
20 RFC2136_NAMESERVER=127.0.0.1:5353
21 LEGO_EXPERIMENTAL_CNAME_SUPPORT=1
22 '';
23 };
24 }
NixOS configurations for Sourcephile's infrastructure