Brendan Golden
48b7cd2e54
Some checks failed
Build_Deploy / linter (push) Successful in 15s
Build_Deploy / build (push) Successful in 32s
Build_Deploy / deploy_dns (push) Successful in 1m24s
Build_Deploy / deploy_active (active) (push) Successful in 1m23s
Build_Deploy / deploy_active (active-ext) (push) Successful in 43s
Build_Deploy / deploy_active (active-core) (push) Failing after 4m5s
47 lines
959 B
Nix
47 lines
959 B
Nix
{
|
|
config,
|
|
pkgs,
|
|
lib,
|
|
...
|
|
}:
|
|
with lib; let
|
|
name = "acme";
|
|
cfg = config.services.skynet."${name}";
|
|
in {
|
|
imports = [];
|
|
|
|
options.services.skynet."${name}" = {
|
|
domains = lib.mkOption {
|
|
default = [];
|
|
type = lib.types.listOf lib.types.str;
|
|
description = ''
|
|
A list of domains to use for this server.
|
|
'';
|
|
};
|
|
};
|
|
|
|
config = {
|
|
# group that will own the certificates
|
|
users.groups.acme = {};
|
|
|
|
age.secrets.acme.file = ../secrets/dns_certs.secret.age;
|
|
|
|
security.acme = {
|
|
acceptTerms = true;
|
|
|
|
defaults = {
|
|
email = "admin_acme@skynet.ie";
|
|
credentialsFile = config.age.secrets.acme.path;
|
|
# we use our own dns authorative server for verifying we own the domain.
|
|
dnsProvider = "rfc2136";
|
|
};
|
|
|
|
certs = {
|
|
"skynet" = {
|
|
domain = "skynet.ie";
|
|
extraDomainNames = lists.naturalSort cfg.domains;
|
|
};
|
|
};
|
|
};
|
|
};
|
|
}
|