os/hosts/nougat-2/acme.nix

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

44 lines
1.2 KiB
Nix
Raw Normal View History

2023-07-02 10:48:34 +00:00
{
config,
lib,
pkgs,
self,
...
}: let
exDomain = (import ./ex-domain.nix) lib;
pubsolarDomain = import ./pubsolar-domain.nix;
hostingdeProviderConf = {
dnsProvider = "hostingde";
credentialsFile = "${pkgs.writeText "hostingde-creds" ''
HOSTINGDE_API_KEY_FILE=${config.age.secrets."hosting.de-api.key".path}
''}";
};
in {
age.secrets."hosting.de-api.key" = {
file = "${self}/secrets/hosting.de-api.key";
mode = "440";
owner = "acme";
};
security.acme = {
acceptTerms = true;
defaults.email = "acme@benjaminbaedorf.eu";
certs."b12f.io" = hostingdeProviderConf;
certs."mail.b12f.io" = hostingdeProviderConf;
certs."transmission.b12f.io" = hostingdeProviderConf;
certs."${exDomain}" = hostingdeProviderConf;
certs."mail.${exDomain}" = hostingdeProviderConf;
certs."${pubsolarDomain}" = hostingdeProviderConf;
certs."www.${pubsolarDomain}" = hostingdeProviderConf;
certs."auth.${pubsolarDomain}" = hostingdeProviderConf;
certs."git.${pubsolarDomain}" = hostingdeProviderConf;
certs."ci.${pubsolarDomain}" = hostingdeProviderConf;
certs."list.${pubsolarDomain}" = hostingdeProviderConf;
certs."obs-portal.${pubsolarDomain}" = hostingdeProviderConf;
};
}