diff --git a/applications/acme.nix b/applications/acme.nix
new file mode 100644
index 0000000..c0b062c
--- /dev/null
+++ b/applications/acme.nix
@@ -0,0 +1,34 @@
+{
+ # group that will own the certificates
+ users.groups.acme = {};
+
+ age.secrets.acme.file = ../secrets/dns_certs.secret.age;
+
+ security.acme = {
+ preliminarySelfsigned = false;
+ acceptTerms = true;
+
+ defaults = {
+ email = "admin_acme@skynet.ie";
+ dnsProvider = "rfc2136";
+ credentialsFile = "/run/agenix/acme";
+
+ # We don't need to wait for propagation since this is a local DNS server
+ dnsPropagationCheck = false;
+ };
+
+ certs = {
+ "skynet" = {
+ domain = "skynet.ie";
+ extraDomainNames = ["*.skynet.ie" ];
+ };
+
+
+ # temp basis
+ #"ulcompsoc.ie" = {
+ # domain = "ulcompsoc.ie";
+ # extraDomainNames = ["*.ulcompsoc.ie" ];
+ #};
+ };
+ };
+}
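Review bot: `credentialsFile = "/run/agenix/acme";` repeats the agenix mount path by hand, so renaming the secret or changing agenix's secrets directory would leave ACME pointing at a missing file; opening the module with `{ config, ... }:` and writing `credentialsFile = config.age.secrets.acme.path;` keeps the two tied together. The `skynet` cert covers `*.skynet.ie` and, going by the comment on `users.groups.acme`, its private key is readable by that group, so every service later added to the group can read the key for every subdomain; a comment such as `# wildcard key: keep acme group membership minimal` above the cert would make that constraint explicit. The RFC 2136 credential in `dns_certs.secret.age` is presumably a TSIG key whose update policy is not visible here, so it is worth confirming on the DNS server that it can only write `_acme-challenge` TXT records.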