# NixOS host module: runs the ACME client inside its own container so that
# certificate issuance (DNS-01 via the hosting.de provider) is separated
# from the host's other services. Issued material persists on the host under
# /data/acme and is bind-mounted into the container.
{ config, lib, pkgs, self, ... }:
let
  exDomain = (import ./ex-domain.nix) lib;
  pubsolarDomain = import ./pubsolar-domain.nix;

  # agenix-managed secret holding the hosting.de API key. Only its on-disk
  # path is referenced below; the key material itself never enters the store.
  apiKeyPath = config.age.secrets."hosting.de-api.key".path;

  # Settings shared by every certificate: DNS-01 through hosting.de, with the
  # client reading the API key from the secret file (the *_FILE variant)
  # instead of from an environment variable.
  hostingdeProviderConf = {
    dnsProvider = "hostingde";
    credentialsFile = "${pkgs.writeText "hostingde-creds" ''
      HOSTINGDE_API_KEY_FILE=${apiKeyPath}
    ''}";
  };

  # Every hostname that receives its own certificate.
  certDomains =
    [ "b12f.io" "mail.b12f.io" "transmission.b12f.io" exDomain "mail.${exDomain}" ]
    ++ map (prefix: "${prefix}${pubsolarDomain}")
      [ "" "www." "auth." "git." "ci." "list." "obs-portal." ];
in
{
  age.secrets."hosting.de-api.key" = {
    file = "${self}/secrets/hosting.de-api.key";
    mode = "440";
    group = "acme";
  };

  # Host-side state directory; readable only by root and the acme group.
  systemd.tmpfiles.rules = [ "d '/data/acme' 0750 root acme - -" ];
  users.groups.acme = { };
  ids.uids.acme = 997;
  ids.gids.acme = 997;

  containers.acme = {
    autoStart = true;
    privateNetwork = true;
    hostAddress = "192.168.101.0";
    localAddress = "192.168.106.0";
    hostAddress6 = "fc00::1";
    localAddress6 = "fc00::6";

    bindMounts = {
      # Writable: the client stores keys and certificates here.
      "/var/lib/acme" = {
        hostPath = "/data/acme";
        isReadOnly = false;
      };
      # The API key secret is exposed read-only at the same path the host uses,
      # so the credentials file above resolves inside the container as well.
      "${apiKeyPath}" = {
        hostPath = "${apiKeyPath}";
        isReadOnly = true;
      };
    };

    config = {
      networking.nameservers = [ "1.1.1.1" ];
      # Reuse the host's acme group definition so ownership matches across
      # the bind mount.
      users.groups.acme = config.users.groups.acme;

      security.acme = {
        acceptTerms = true;
        defaults.email = "acme@benjaminbaedorf.eu";
        # NOTE(review): this is the Let's Encrypt *staging* directory, whose
        # certificates are not trusted by clients; confirm whether the
        # production directory (https://acme-v02.api.letsencrypt.org/directory)
        # is intended here.
        defaults.server = "https://acme-staging-v02.api.letsencrypt.org/directory";
        defaults.group = "acme";
        certs = lib.genAttrs certDomains (_: hostingdeProviderConf);
      };
    };
  };
}