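# NixOS module factory: called with the host's FQDN, it returns a module that
# requests an ACME certificate for that name using the DNS-01 challenge with
# the "gandiv5" DNS provider.
#
# The former `let inherit fqdn; in` wrapper only re-bound the argument to
# itself, so it was dropped; `fqdn` below is the function argument.
{ fqdn }: { pkgs, config, lib, ... }:
{
  # Group set as `security.acme.defaults.group` below.
  # NOTE(review): the nixpkgs ACME module normally declares this group itself;
  # the explicit declaration is harmless and kept as-is.
  users.groups.acme = { };

  /* Trigger the actual certificate generation for the host, with one
     additional hostname listed on the same certificate. */
  security.acme.certs."${fqdn}" = {
    extraDomainNames = [ "mail.crashoverburn.com" ];
  };

  # DNS API credential for the DNS-01 challenge, stored encrypted in the
  # repository and decrypted on the target host by secrix.
  # Security: a DNS API token can create or change records in the zone, so
  # anyone holding it can satisfy DNS-01 validation for names in that zone.
  # Keep the decrypted file unreadable to unprivileged users and, where the
  # provider allows it, use a token scoped to this domain only.
  secrix.system.secrets.dns01.encrypted.file = ../secrets/gandi_dns01_token;

  # Configure ACME appropriately.
  # Accepts the certificate authority's terms of service for every cert.
  security.acme.acceptTerms = true;
  security.acme.defaults = {
    dnsProvider = "gandiv5";
    group = "acme";
    # Must be a KEY=VALUE environment file holding the variable the gandiv5
    # provider expects (presumably GANDIV5_PERSONAL_ACCESS_TOKEN or
    # GANDIV5_API_KEY; confirm against the lego provider documentation).
    environmentFile = config.secrix.system.secrets.dns01.decrypted.path;
    # Original rationale: "We don't need to wait for propagation since this is
    # a local DNS server".
    # NOTE(review): that rationale does not match `dnsProvider = "gandiv5"`,
    # which talks to a hosted DNS API rather than a local server. With the
    # check disabled, validation may be requested before the TXT record is
    # visible on the authoritative servers, which can make issuance or renewal
    # fail intermittently. Confirm this setting is intended.
    dnsPropagationCheck = false;
  };
}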