# NixOS module: requests a single ACME certificate for skynet.ie, plus every
# name listed in services.skynet.acme.domains, using the DNS-01 challenge
# against an RFC 2136 (dynamic DNS update) endpoint.
{
  config,
  pkgs,
  lib,
  ...
}: let
  inherit (lib) mkOption types;

  name = "acme";
  cfg = config.services.skynet.${name};
in {
  imports = [];

  options.services.skynet.${name}.domains = mkOption {
    type = types.listOf types.str;
    default = [];
    description = ''
      A list of domains to use for this server.
    '';
  };

  config = {
    # Group that will own the certificates.
    # NOTE(review): the one certificate below covers every configured name, so
    # any account able to read it through this group holds the private key for
    # all of those names. Keep membership to the services that terminate TLS.
    users.groups.acme = {};

    # Only the age-encrypted file is referenced from the repository. The
    # decrypted copy is exposed at config.age.secrets.acme.path, so the
    # plaintext DNS credentials are not part of this expression (presumably
    # agenix, decrypting on the host at activation - confirm).
    age.secrets.acme.file = ../secrets/dns_certs.secret.age;

    security.acme = {
      # Accepts the certificate authority's terms of service.
      acceptTerms = true;

      # No placeholder self-signed certificate is generated before the first
      # issuance, so units that need the certificate have nothing to load
      # until the first DNS-01 validation has succeeded.
      preliminarySelfsigned = false;

      defaults = {
        email = "admin_acme@skynet.ie";

        # Environment file handed to the ACME client for the DNS provider.
        # Its contents are not visible here; for rfc2136 it is expected to
        # carry the nameserver and TSIG key settings - confirm.
        # NOTE(review): on the DNS server, scope that key's update policy to
        # the _acme-challenge TXT records so a leaked key cannot rewrite
        # other records in the zone.
        credentialsFile = config.age.secrets.acme.path;
      };

      certs.skynet = {
        domain = "skynet.ie";

        # We use our own authoritative DNS server to prove that we control
        # the domain.
        dnsProvider = "rfc2136";

        # Natural-sorted, presumably so the extra-name list on the
        # certificate does not change just because cfg.domains was assembled
        # in a different order.
        extraDomainNames = lib.lists.naturalSort cfg.domains;
      };
    };
  };
}