selfprivacy-nixos-config/letsencrypt/acme.nix
Inex Code ab27cbd27a fix: do not use DNS challenge for root domain TLS
Previous solution made ACME create two TXT records
on the same subdomain, creating the conflict
2023-10-18 13:59:42 +03:00

27 lines
793 B
Nix

{ config, pkgs, lib, ... }:
let
cfg = config.services.userdata;
in
{
users.groups.acmerecievers = {
members = [ "nginx" "dovecot2" "postfix" "virtualMail" "ocserv" ];
};
security.acme = {
acceptTerms = true;
defaults = {
email = "${cfg.username}@${cfg.domain}";
server = if cfg.dns.useStagingACME then "https://acme-staging-v02.api.letsencrypt.org/directory" else "https://acme-v02.api.letsencrypt.org/directory";
dnsPropagationCheck = false;
reloadServices = [ "nginx" ];
};
certs = lib.mkForce {
"${cfg.domain}" = {
domain = "*.${cfg.domain}";
group = "acmerecievers";
dnsProvider = lib.strings.toLower cfg.dns.provider;
credentialsFile = "/var/lib/cloudflare/Credentials.ini";
};
};
};
}