path: root/services/acme_server.nix
authorJohn Bargman2026-02-21 23:36:19 +0000
committerJohn Bargman2026-02-21 23:36:19 +0000
commite72a6620e2a38480d03cdb893879520feccaad7b (patch)
treedfd9553c152bbc431a2b60bde080326f4ffd6914 /services/acme_server.nix
parent474115c2c6d2ce965f45a60ca59490e128124878 (diff)
fixup
Diffstat (limited to 'services/acme_server.nix')
-rw-r--r--services/acme_server.nix23
1 files changed, 23 insertions, 0 deletions
diff --git a/services/acme_server.nix b/services/acme_server.nix
new file mode 100644
index 0000000..bd6961b
--- /dev/null
+++ b/services/acme_server.nix
@@ -0,0 +1,23 @@
+{ fqdn }: { pkgs, config, lib, ... }:
+let
+ inherit fqdn;
+in
+{
+ users.groups.acme = { };
+
+ /* trigger the actual certificate generation for additional hostname */
+ security.acme.certs."${fqdn}" = {
+ extraDomainNames = [ "mail.crashoverburn.com"];
+ };
+
+ secrix.system.secrets.dns01.encrypted.file = ../secrets/gandi_dns01_token;
+ # Configure ACME appropriately
+ security.acme.acceptTerms = true;
+ security.acme.defaults = {
+ dnsProvider = "gandiv5";
+ group = "acme";
+ environmentFile = config.secrix.system.secrets.dns01.decrypted.path;
+ # We don't need to wait for propagation since this is a local DNS server
+ dnsPropagationCheck = false;
+ };
+}
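Review bot: The comment on `dnsPropagationCheck = false` ("this is a local DNS server") contradicts `dnsProvider = "gandiv5"` two lines above: the challenge TXT record is published through Gandi's API to Gandi's authoritative nameservers, not to anything local, so skipping the propagation check risks lego asking the CA to validate before the record is visible, which fails issuance and burns CA rate limits. Unless a local resolver serving that zone is configured elsewhere in the repo (not visible here), either drop the `dnsPropagationCheck = false;` line or reword the comment to state the actual reason, e.g. `# Propagation check disabled deliberately: <reason>` with the reason filled in. The `inherit fqdn;` in the `let` is redundant since `fqdn` is already bound by the outer argument and can be removed. The module parameterises the primary name via `fqdn` but hard-codes `extraDomainNames = [ "mail.crashoverburn.com" ]`; consider taking that list as a second argument so the two names are configured in one place.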