]> Git — Sourcephile - sourcephile-nix.git/blob - servers/mermet/acme/autogeree.net.nix
nix: fix install and security.pass
[sourcephile-nix.git] / servers / mermet / acme / autogeree.net.nix
1 { pkgs, lib, config, ... }:
2 let
3 inherit (config.users) groups;
4 domain = "autogeree.net";
5 in
6 {
7 systemd.services."acme-${domain}".after = [
8 "unbound.service"
9 ];
10 security.acme.certs."${domain}" = {
11 email = "root+letsencrypt@${domain}";
12 extraDomains = {
13 "*.${domain}" = null;
14 };
15 group = groups."acme".name;
16 allowKeysForGroup = true;
17 keyType = "rsa4096";
18 dnsProvider = "rfc2136";
19 credentialsFile = pkgs.writeText "credentials" ''
20 RFC2136_NAMESERVER=127.0.0.1:5353
21 RFC2136_PROPAGATION_TIMEOUT=1000
22 RFC2136_POLLING_INTERVAL=30
23 RFC2136_SEQUENCE_INTERVAL=30
24 RFC2136_DNS_TIMEOUT=1000
25 RFC2136_TTL=1
26 '';
27 };
28 }