Diffstat (limited to 'nixos/cobalt/services/acme.nix')
-rw-r--r-- | nixos/cobalt/services/acme.nix | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/nixos/cobalt/services/acme.nix b/nixos/cobalt/services/acme.nix
new file mode 100644
index 0000000..b41ae1c
--- /dev/null
+++ b/nixos/cobalt/services/acme.nix
@@ -0,0 +1,26 @@
+let
+ poorObfuscation = y: x: "${x}@${y}";
+in
+{
+ security.acme = {
+ acceptTerms = true;
+ defaults.email = poorObfuscation "sefidel.com" "postmaster";
+ certs = {
+ "sefidel.com" = {
+ domain = "*.sefidel.com";
+ dnsProvider = "hetzner";
+ dnsPropagationCheck = true;
+ credentialsFile = "/persist/secrets/hetzner.key";
+ };
+ };
+ };
+
+ environment.persistence."/persist".directories = [
+ "/var/lib/acme"
+ ];
+
+ deployment.keys."hetzner.key" = {
+ keyCommand = [ "pass" "show" "server/hetzner-dns" ];
+ destDir = "/persist/secrets";
+ };
+}
|
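Review bot: The `deployment.keys."hetzner.key"` block at the end of the file leaves owner and mode to the deployment tool's defaults, for a token that can rewrite the zone's DNS and so obtain certificates for any name under it; I would pin them explicitly, e.g. `user = "root"; group = "root"; permissions = "0400";`, so a later change of defaults cannot widen access to the file under `/persist/secrets`. Separately, `credentialsFile` is consumed as a systemd EnvironmentFile, so the output of `pass show server/hetzner-dns` has to be in `HETZNER_API_KEY=<token>` form rather than the bare token, and any extra lines stored in that pass entry are written to the file as well; a one-line comment above `keyCommand` stating the expected format would prevent a silent issuance failure. Also note that `domain = "*.sefidel.com"` does not cover the apex, so if the bare domain is meant to be served with this certificate, `extraDomainNames = [ "sefidel.com" ];` is presumably needed.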