1 { pkgs, lib, config, ... }:
3 inherit (config.users) groups;
4 domain = "sourcephile.fr";
7 systemd.services."acme-${domain}".after = [
10 security.acme.certs."${domain}" = {
11 email = "root@${domain}";
15 group = groups."acme".name;
16 allowKeysForGroup = true;
18 dnsProvider = "rfc2136";
19 credentialsFile = pkgs.writeText "credentials" ''
20 RFC2136_NAMESERVER=127.0.0.1:5353
21 LEGO_EXPERIMENTAL_CNAME_SUPPORT=1