os/kay/modules/acme.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24

{ config, pkgs, ... }:
let
  email = config.global.userdata.email;
  domain = config.global.userdata.domain;

  environmentFile = pkgs.writeText "acme-dns" "RFC2136_NAMESERVER='[2001:470:ee65::1]:53'";
in
{
  security.acme = {
    acceptTerms = true;
    defaults.email = email;

    certs.${domain} = {
      inherit domain;
      extraDomainNames = [ "*.${domain}" ];

      dnsProvider = "rfc2136";
      dnsPropagationCheck = false; # local DNS server

      inherit environmentFile;
      group = config.services.nginx.group;
    };
  };
}