mirror of
https://github.com/Stunkymonkey/nixos.git
synced 2025-10-31 17:52:10 +01:00
36 lines
912 B
Nix
36 lines
912 B
Nix
# automatic certificates
|
|
{ config, lib, ... }:
|
|
let
|
|
cfg = config.my.services.acme;
|
|
inherit (config.networking) domain;
|
|
in
|
|
{
|
|
options.my.services.acme = with lib; {
|
|
enable = mkEnableOption "ACME certificates";
|
|
|
|
credentialsFile = mkOption {
|
|
type = types.str;
|
|
example = "/var/lib/acme/creds.env";
|
|
description = ''
|
|
INWX API key file as an 'EnvironmentFile' (see `systemd.exec(5)`)
|
|
'';
|
|
};
|
|
};
|
|
|
|
config = lib.mkIf cfg.enable {
|
|
security.acme = {
|
|
defaults.email = "server@buehler.rocks";
|
|
# this is specially needed for inwx and does not work without it
|
|
defaults.dnsResolver = "ns.inwx.de";
|
|
acceptTerms = true;
|
|
# Use DNS wildcard certificate
|
|
certs = {
|
|
"${domain}" = {
|
|
extraDomainNames = [ "*.${domain}" ];
|
|
dnsProvider = "inwx";
|
|
inherit (cfg) credentialsFile;
|
|
};
|
|
};
|
|
};
|
|
};
|
|
}
|