let
  # Builds "<localPart>@<domain>" from two pieces so the address never appears
  # verbatim in this file. This only hinders naive address scrapers; it is not
  # a security control. Argument order is domain first, local part second.
  mkAddress = domain: localPart: localPart + "@" + domain;
in
{
  security = {
    acme = {
      # Accepts the ACME CA's terms of service on behalf of the operator.
      acceptTerms = true;

      # Contact address registered with the ACME account.
      defaults = { email = mkAddress "sefidel.com" "postmaster"; };

      # One certificate for the apex plus the listed subdomains, validated
      # through the DNS provider's API rather than over HTTP.
      certs."sefidel.com" = {
        # A quoted string, not a Nix path literal: the secret is referenced by
        # location at runtime and is not copied into the world-readable Nix
        # store. The file is delivered by deployment.keys below
        # (destDir + key name must keep matching this path).
        # NOTE(review): the ACME module presumably reads this as an
        # environment file, so the stored secret should already be in the
        # KEY=value form the hetzner provider documents - confirm.
        credentialsFile = "/persist/secrets/hetzner.key";
        dnsProvider = "hetzner";
        dnsPropagationCheck = true;
        domain = "sefidel.com";
        extraDomainNames = [ "bouncer.sefidel.com" "git.sefidel.com" ];
      };
    };
  };

  # Keep ACME state on the persistent volume. This directory holds the ACME
  # account key and the private keys of issued certificates, so /persist
  # needs the same protection as any other key material.
  # NOTE(review): presumably the root filesystem is ephemeral - confirm.
  environment.persistence = {
    "/persist" = { directories = [ "/var/lib/acme" ]; };
  };

  # The DNS API credential is produced by running `pass` at deploy time and
  # written to <destDir>/hetzner.key on the target, so it never enters this
  # repository or the Nix store. Anyone holding it can presumably edit DNS
  # records for the zones it covers; treat it as high-value.
  # NOTE(review): user/group/permissions are not set here, so the deployment
  # tool's defaults apply - verify they are root-only and still readable by
  # whatever loads credentialsFile.
  deployment.keys = {
    "hetzner.key" = {
      destDir = "/persist/secrets";
      keyCommand = [ "pass" "show" "server/hetzner-dns" ];
    };
  };
}