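# ACME (Let's Encrypt) certificate configuration for the host's domain.
#
# Two certificates are declared: a DNS-01 wildcard certificate for
# `*.<domain>` and an HTTP-01 certificate for the apex `<domain>`. Both are
# group-owned by `acmerecievers`, which is what lets the listed services read
# them.
{ config, pkgs, lib, ... }:
let
  cfg = config.services.userdata;

  # DNS providers for which the client's local propagation pre-check is
  # skipped before the DNS-01 challenge is attempted. This only removes the
  # wait-for-propagation step; the challenge itself is still validated by the
  # CA, so a too-early attempt fails at the CA instead of locally.
  dnsPropagationCheckExceptions = [ "DIGITALOCEAN" ];
in
{
  # Members of this group can read the certificate files (private key
  # included) of every cert below that sets group = "acmerecievers", so this
  # list should stay limited to services that actually terminate TLS. The
  # misspelled group name is deliberately left unchanged: other modules may
  # reference it.
  users.groups.acmerecievers = {
    members = [ "nginx" "dovecot2" "postfix" "virtualMail" "ocserv" ];
  };

  security.acme = {
    acceptTerms = true;

    defaults = {
      # Account / expiry-notification address used for the ACME registration.
      email = "${cfg.username}@${cfg.domain}";

      # The staging directory issues certificates from an untrusted test CA;
      # it is only meant for exercising the issuance flow without consuming
      # production rate limits.
      server =
        if cfg.dns.useStagingACME
        then "https://acme-staging-v02.api.letsencrypt.org/directory"
        else "https://acme-v02.api.letsencrypt.org/directory";

      # Skip the propagation pre-check only for the providers listed above.
      dnsPropagationCheck = !(lib.elem cfg.dns.provider dnsPropagationCheckExceptions);

      # Services reloaded after a renewal so they pick up the new key pair.
      # NOTE(review): only nginx is reloaded here although dovecot2, postfix
      # and ocserv also consume these certs through the group above; confirm
      # each of them re-reads the files on its own, otherwise it keeps serving
      # the previous certificate until its next restart.
      reloadServices = [ "nginx" ];
    };

    # mkForce makes this attribute set replace, rather than merge with, any
    # certificate definitions contributed by other modules.
    certs = lib.mkForce {
      # Wildcard certificate, obtained via the DNS-01 challenge.
      "wildcard-${cfg.domain}" = {
        domain = "*.${cfg.domain}";
        group = "acmerecievers";
        # The configured provider name is upper-case (see the DIGITALOCEAN
        # entry above); presumably the ACME client expects it lower-cased.
        dnsProvider = lib.strings.toLower cfg.dns.provider;
        # NOTE(review): this path is Cloudflare-specific even though the
        # provider is configurable; any other provider's credentials would
        # have to be placed in this same file. The token in it can modify the
        # zone and therefore obtain certificates for the whole domain, so the
        # file must stay readable by the ACME user only.
        credentialsFile = "/var/lib/cloudflare/Credentials.ini";
      };

      # Apex certificate, obtained via the HTTP-01 challenge. The web server
      # (configured elsewhere) has to serve /.well-known/acme-challenge from
      # this webroot for validation to succeed.
      "${cfg.domain}" = {
        domain = cfg.domain;
        group = "acmerecievers";
        webroot = "/var/lib/acme/acme-challenge";
      };
    };
  };
}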