hosts/kay/modules/acme.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23

{ config, pkgs, ... }: let
  email = config.userdata.email;
  domain = config.userdata.domain;

  environmentFile =
    pkgs.writeText "acme-dns" "RFC2136_NAMESERVER='[2001:470:ee65::1]:53'";
in {
  security.acme = {
    acceptTerms = true;
    defaults.email = email;

    certs.${domain} = {
      inherit domain;
      extraDomainNames = [ "*.${domain}" ];

      dnsProvider = "rfc2136";
      dnsPropagationCheck = false; # local DNS server

      inherit environmentFile;
      group = config.services.nginx.group;
    };
  };
}