servers/mermet/acme/autogeree.net.nix

   1 { pkgs, lib, config, ... }:
   2 let
   3   inherit (config.users) groups;
   4   domain = "autogeree.net";
   5 in
   6 {
   7 systemd.services."acme-${domain}".after = [
   8   "unbound.service"
   9 ];
  10 security.acme.certs."${domain}" = {
  11   email = "root+letsencrypt@${domain}";
  12   extraDomains = {
  13     "*.${domain}" = null;
  14   };
  15   group = groups."acme".name;
  16   allowKeysForGroup = true;
  17   keyType = "rsa4096";
  18   dnsProvider = "rfc2136";
  19   credentialsFile = pkgs.writeText "credentials" ''
  20     RFC2136_NAMESERVER=127.0.0.1:5353
  21     RFC2136_PROPAGATION_TIMEOUT=1000
  22     RFC2136_POLLING_INTERVAL=30
  23     RFC2136_SEQUENCE_INTERVAL=30
  24     RFC2136_DNS_TIMEOUT=1000
  25     RFC2136_TTL=1
  26   '';
  27 };
  28 }