selfprivacy-nixos-config/letsencrypt/acme.nix

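{ config, pkgs, lib, ... }:
let
  cfg = config.services.userdata;

  # DNS providers for which the pre-challenge propagation check is disabled.
  # Compared case-sensitively against cfg.dns.provider (upper-case here,
  # lower-cased only when passed to lego below).
  dnsPropagationCheckExceptions = [ "DIGITALOCEAN" ];

  # ACME directory endpoint. Staging issues certificates that browsers do not
  # trust but has much higher rate limits, so it is the safe choice while
  # testing a deployment; production is the real Let's Encrypt CA.
  acmeServer =
    if cfg.dns.useStagingACME
    then "https://acme-staging-v02.api.letsencrypt.org/directory"
    else "https://acme-v02.api.letsencrypt.org/directory";
in
{
  # Daemons that need to read the issued certificate and private key.
  # Membership of this group is what grants access to the key material, so
  # it should stay limited to TLS-terminating services. The group name is
  # spelled as other modules expect it and is intentionally left unchanged.
  users.groups.acmerecievers = {
    members = [ "nginx" "dovecot2" "postfix" "virtualMail" "ocserv" ];
  };

  security.acme = {
    acceptTerms = true;

    defaults = {
      email = "${cfg.username}@${cfg.domain}";
      server = acmeServer;
      # Same truth table as `if elem ... then false else true`, written as a
      # plain negation: the check is on unless the provider is an exception.
      dnsPropagationCheck = !(lib.elem cfg.dns.provider dnsPropagationCheckExceptions);
      # NOTE(review): only nginx is reloaded after a renewal; dovecot2,
      # postfix and ocserv also read the certificate (see the group above)
      # but are not listed here — confirm they pick up renewed certificates
      # by some other mechanism, or they will keep serving the old one.
      reloadServices = [ "nginx" ];
    };

    # mkForce makes this the only cert definition, replacing (not merging
    # with) any certs declared by other modules.
    certs = lib.mkForce {
      # Wildcard certificate. Wildcards can only be validated with DNS-01,
      # which is why a DNS provider and API credentials are required here.
      "wildcard-${cfg.domain}" = {
        domain = "*.${cfg.domain}";
        group = "acmerecievers";
        dnsProvider = lib.strings.toLower cfg.dns.provider;
        # DNS API credentials (a secret). The path is fixed regardless of
        # cfg.dns.provider, so whatever writes it must use this name for
        # every provider. Keep it unreadable to unprivileged users.
        credentialsFile = "/var/lib/cloudflare/Credentials.ini";
      };

      # Apex-domain certificate, validated over HTTP-01 from a webroot;
      # presumably nginx serves this directory under /.well-known — verify
      # in the web server module.
      "${cfg.domain}" = {
        domain = cfg.domain;
        group = "acmerecievers";
        webroot = "/var/lib/acme/acme-challenge";
      };
    };
  };
}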