nixos/applications/acme.nix

60 lines
1.3 KiB
Nix
Raw Normal View History

{
config,
pkgs,
lib,
...
}:
with lib; let
cfg = config.skynet_acme;
in {
2023-08-06 18:56:22 +00:00
imports = [];
2023-04-20 18:03:11 +00:00
options = {
skynet_acme = {
domains = lib.mkOption {
default = [];
type = lib.types.listOf lib.types.str;
description = ''
A list of domains to use for this server.
'';
};
domains_mail = lib.mkOption {
default = [];
type = lib.types.listOf lib.types.str;
description = ''
A list of domains to use for the mailserver.
'';
};
2023-04-20 18:03:11 +00:00
};
2023-08-06 18:56:22 +00:00
};
config = {
# group that will own the certificates
users.groups.acme = {};
age.secrets.acme.file = ../secrets/dns_certs.secret.age;
security.acme = {
preliminarySelfsigned = false;
acceptTerms = true;
defaults = {
email = "admin_acme@skynet.ie";
# we use our own dns authorative server for verifying we own the domain.
dnsProvider = "rfc2136";
credentialsFile = config.age.secrets.acme.path;
};
2023-04-20 18:03:11 +00:00
2023-08-06 18:56:22 +00:00
certs = {
"skynet" = {
domain = "skynet.ie";
extraDomainNames = cfg.domains;
};
"mail" = {
domain = "mail.skynet.ie";
extraDomainNames = cfg.domains_mail;
};
2023-04-20 18:03:11 +00:00
};
};
};
}