# NixOS module: ACME certificate issuance via the DNS-01 challenge, with the
# DNS provider credentials delivered as an age-encrypted secret.
{
  flake,
  config,
  pkgs,
  lib,
  ...
}: {
  age.secrets = {
    "hosting-de-acme-secrets" = {
      # Only the encrypted .age file is referenced from the flake source, so
      # only ciphertext is copied into the Nix store.
      file = "${flake.self}/secrets/hosting-de-acme-secrets.age";
      # The decrypted file is readable by the "acme" user and nobody else.
      owner = "acme";
      mode = "400";
    };
  };

  security.acme.acceptTerms = true;

  security.acme.defaults = {
    email = "acme@benjaminbaedorf.eu";

    # Uncomment to issue against the staging directory instead of production.
    # server = "https://acme-staging-v02.api.letsencrypt.org/directory";

    # DNS-01 validation through the "hostingde" provider; the webroot
    # (HTTP-01) method is explicitly switched off.
    dnsProvider = "hostingde";
    webroot = null;

    # Handed to the ACME client at runtime; presumably holds the provider's
    # API credentials, which is why the secret above is locked to "acme".
    credentialsFile = config.age.secrets."hosting-de-acme-secrets".path;

    # Wait for the challenge record to be visible before asking for validation.
    dnsPropagationCheck = true;
    # Query dns0 directly; the local unbound resolver would otherwise get in
    # the way of the propagation check.
    # NOTE(review): these lookups bypass whatever filtering or validation the
    # local unbound applies. The option's documented form is host:port;
    # confirm that a bare IP is accepted by the client in use.
    dnsResolver = "193.110.81.0";

    # Issued certificate files belong to the "nginx" group; presumably so the
    # web server can read them. Every member of that group can read the
    # private keys.
    group = "nginx";
  };
}