From e01b0eddb67752353ec65975de6b6717486884d6 Mon Sep 17 00:00:00 2001
From: Brendan Golden
Date: Thu, 20 Apr 2023 19:03:11 +0100
Subject: [PATCH] acme: frontend with acme itself
---
applications/acme.nix | 34 ++++++++++++++++++++++++++++++++++
1 file changed, 34 insertions(+)
create mode 100644 applications/acme.nix
diff --git a/applications/acme.nix b/applications/acme.nix
new file mode 100644
index 0000000..c0b062c
--- /dev/null
+++ b/applications/acme.nix
@@ -0,0 +1,34 @@
+{
+ # group that will own the certificates
+ users.groups.acme = {};
+
+ age.secrets.acme.file = ../secrets/dns_certs.secret.age;
+
+ security.acme = {
+ preliminarySelfsigned = false;
+ acceptTerms = true;
+
+ defaults = {
+ email = "admin_acme@skynet.ie";
+ dnsProvider = "rfc2136";
+ credentialsFile = "/run/agenix/acme";
+
+ # We don't need to wait for propagation since this is a local DNS server
+ dnsPropagationCheck = false;
+ };
+
+ certs = {
+ "skynet" = {
+ domain = "skynet.ie";
+ extraDomainNames = ["*.skynet.ie" ];
+ };
+
+
+ # temp basis
+ #"ulcompsoc.ie" = {
+ # domain = "ulcompsoc.ie";
+ # extraDomainNames = ["*.ulcompsoc.ie" ];
+ #};
+ };
+ };
+}
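Review bot: The `"skynet"` entry requests one certificate for `skynet.ie` plus `*.skynet.ie`, so a single private key is valid for every name in the zone, and the file's first comment says the shared `acme` group will own it; any account in that group can read that key. Nothing in this file limits who joins the group, so I would record the constraint next to the cert, e.g. `# wildcard key: only the TLS-terminating service may be in the acme group`, or issue per-service certificates where a wildcard is not needed. The rfc2136 credential behind `credentialsFile` deserves the same scoping: presumably it is a TSIG key, and the DNS server's update policy (not visible here) should restrict it to the `_acme-challenge` TXT records. Separately, `credentialsFile = "/run/agenix/acme";` repeats the agenix path by hand; `credentialsFile = config.age.secrets.acme.path;`, with the module opened as `{ config, ... }:`, keeps the two in sync if the secret is renamed or the secrets directory changes.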