Diffstat (limited to 'services/acme_server.nix')
-rw-r--r--services/acme_server.nix23
1 files changed, 23 insertions, 0 deletions
diff --git a/services/acme_server.nix b/services/acme_server.nix
new file mode 100644
index 0000000..bd6961b
--- /dev/null
+++ b/services/acme_server.nix
@@ -0,0 +1,23 @@
+{ fqdn }: { pkgs, config, lib, ... }:
+let
+ inherit fqdn;
+in
+{
+ users.groups.acme = { };
+
+ /* trigger the actual certificate generation for additional hostname */
+ security.acme.certs."${fqdn}" = {
+ extraDomainNames = [ "mail.crashoverburn.com"];
+ };
+
+ secrix.system.secrets.dns01.encrypted.file = ../secrets/gandi_dns01_token;
+ # Configure ACME appropriately
+ security.acme.acceptTerms = true;
+ security.acme.defaults = {
+ dnsProvider = "gandiv5";
+ group = "acme";
+ environmentFile = config.secrix.system.secrets.dns01.decrypted.path;
+ # We don't need to wait for propagation since this is a local DNS server
+ dnsPropagationCheck = false;
+ };
+}
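Review bot: The comment above `dnsPropagationCheck = false;` says the DNS server is local, but `dnsProvider = "gandiv5"` sends the DNS-01 challenge through Gandi's hosted LiveDNS API, so the stated justification does not match the configuration in this file. With the check disabled, the ACME client asks the CA to validate without first confirming that the TXT record is visible on the authoritative nameservers, which can cause failed validations and count against the CA's failed-validation rate limits. Unless a local DNS setup exists outside this file, drop the line (the module default is true) or set `dnsPropagationCheck = true;`, and remove the comment. Separately, `extraDomainNames` hard-codes `mail.crashoverburn.com` while the module is parameterised on `fqdn`, so every host importing it would request that name; if that is intended, say so in a comment such as `# mail.* is always issued alongside the host certificate`.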