Diffstat (limited to 'os/kay/modules/acme.nix')
-rw-r--r--os/kay/modules/acme.nix31
1 files changed, 24 insertions, 7 deletions
diff --git a/os/kay/modules/acme.nix b/os/kay/modules/acme.nix
index 00819e7..86ae165 100644
--- a/os/kay/modules/acme.nix
+++ b/os/kay/modules/acme.nix
@@ -2,22 +2,39 @@
email = config.global.userdata.email;
domain = config.global.userdata.domain;
+ domain_angelo = "angeloantony.com";
+ secret_path_angelo = "misc/angelo_cloudflare_dns_api_token";
+
environmentFile =
pkgs.writeText "acme-dns" "RFC2136_NAMESERVER='[2001:470:ee65::1]:53'";
in {
+ sops.secrets.${secret_path_angelo} = {};
+
security.acme = {
acceptTerms = true;
defaults.email = email;
- certs.${domain} = {
- inherit domain;
- extraDomainNames = [ "*.${domain}" ];
+ certs = {
+ ${domain_angelo} = {
+ domain = domain_angelo;
+ extraDomainNames = [ "*.${domain_angelo}" ];
+
+ dnsProvider = "cloudflare";
+ credentialFiles.CLOUDFLARE_DNS_API_TOKEN_FILE = config.sops.secrets.${secret_path_angelo}.path;
+
+ group = config.services.nginx.group;
+ };
+
+ ${domain} = {
+ inherit domain;
+ extraDomainNames = [ "*.${domain}" ];
- dnsProvider = "rfc2136";
- dnsPropagationCheck = false; # local DNS server
+ dnsProvider = "rfc2136";
+ dnsPropagationCheck = false; # local DNS server
- inherit environmentFile;
- group = config.services.nginx.group;
+ inherit environmentFile;
+ group = config.services.nginx.group;
+ };
};
};
}
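Review bot: The Cloudflare token wired in at `credentialFiles.CLOUDFLARE_DNS_API_TOKEN_FILE` carries no comment stating what scope it is expected to have, and nothing visible in this hunk constrains it. This host will now hold both a wildcard certificate key for `angeloantony.com` (readable by the nginx group) and a credential that can edit that zone's DNS, so a token broader than this one zone would widen the impact of a compromise of this machine well beyond the certificate. I would add a comment next to `secret_path_angelo`, for example `# Cloudflare API token: Zone:Read + DNS:Edit, restricted to the angeloantony.com zone only`, so that a later rotation does not silently substitute an account-wide token. The empty `sops.secrets.${secret_path_angelo} = {};` relies on the sops-nix defaults for owner and mode, which presumably keep the file root-only; it is worth confirming on the deployed unit that the ACME service still receives it through `credentialFiles`.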