44 lines
740 B
Nix
44 lines
740 B
Nix
{
|
|
config,
|
|
lib,
|
|
pkgs,
|
|
outputs,
|
|
...
|
|
}:
|
|
|
|
{
|
|
security.acme = {
|
|
acceptTerms = true;
|
|
defaults.email = "aliceghuston@gmail.com";
|
|
certs."nayeonie.com" = {
|
|
dnsProvider = "bunny";
|
|
environmentFile = config.sops.secrets."acme/bunny".path;
|
|
dnsPropagationCheck = false;
|
|
group = "haproxy";
|
|
extraDomainNames = [
|
|
"*.nayeonie.com"
|
|
# "alicehuston.xyz"
|
|
# "*.alicehuston.xyz"
|
|
];
|
|
};
|
|
};
|
|
|
|
systemd.services."acme-nayeonie.com.service".path = lib.mkForce (
|
|
with pkgs;
|
|
[
|
|
coreutils
|
|
diffutils
|
|
openssl
|
|
]
|
|
++ [
|
|
outputs.packages.x86_64-linux.lego-latest
|
|
]
|
|
);
|
|
|
|
sops.secrets = {
|
|
"acme/bunny" = {
|
|
owner = "root";
|
|
};
|
|
};
|
|
}
|