felix/nixos
1
0
Fork 0
mirror of https://github.com/Stunkymonkey/nixos.git synced 2025-05-24 18:04:41 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

service/acme: split from nginx

Browse source
This commit is contained in:
Felix Buehler 2025-01-22 00:48:12 +01:00
parent 0314eeabd6
commit bd2da85ef0
5 changed files with 45 additions and 25 deletions
Download patch file Download diff file Expand all files Collapse all files

19
modules/services/nginx/default.nix
View file

@ -448,24 +448,5 @@ in
];
# Nginx needs to be able to read the certificates
users.users.nginx.extraGroups = [ "acme" ];
security.acme = {
defaults.email = "server@buehler.rocks";
# this is specially needed for inwx and does not work without it
defaults.dnsResolver = "ns.inwx.de";
acceptTerms = true;
# Use DNS wildcard certificate
certs =
let
inherit (config.networking) domain;
in
with pkgs;
{
"${domain}" = {
extraDomainNames = [ "*.${domain}" ];
dnsProvider = "inwx";
inherit (cfg.acme) credentialsFile;
};
};
};
};
}