]> Git — Sourcephile - sourcephile-nix.git/blob - machines/losurdo/acme.nix
tor: improve type-checking and hardening
[sourcephile-nix.git] / machines / losurdo / acme.nix
1 { pkgs, lib, config, ... }:
2 let
3 inherit (builtins) elem attrValues;
4 inherit (config.users) users groups;
5 in
6 {
7 imports = [
8 acme/autogeree.net.nix
9 acme/sourcephile.fr.nix
10 ];
11 security.acme = {
12 acceptTerms = true;
13 };
14 environment.systemPackages = [
15 pkgs.lego
16 ];
17 /*
18 users.users.acme = {
19 home = "/var/lib/acme";
20 group = groups."acme".name;
21 # Set a static UID to install the credentialFile
22 # with acme:root perms before the system switch
23 uid = 14;
24 isSystemUser = true;
25 };
26 assertions = [
27 { assertion = ! elem users.acme.uid (attrValues config.ids.uids);
28 message = ''
29 Unix user ID ${toString users.acme.uid} is already taken in config.ids.uids: change for a free UID.
30 '';
31 }
32 ];
33 */
34 users.groups = {
35 acme = {};
36 };
37
38 }