author | Franck Cuny <franck@fcuny.net> | 2023-05-07 13:45:04 -0700 |
---|---|---|
committer | Franck Cuny <franck@fcuny.net> | 2023-05-08 19:22:28 -0700 |
commit | 5d11f49ecf05048626227dfe6f758360775b300f (patch) | |
tree | ac86934f30f88b8749fcbf930a2660e3326d92c9 /profiles | |
parent | module for homelab (diff) | |
download | world-5d11f49ecf05048626227dfe6f758360775b300f.tar.gz |
profile/acme: default DNS provider is gandi
Add the API key for gandi to the secrets, and create a profile for acme with my defaults. The profile is loaded by tahoe since that's where our services are running. Update all the servers in nginx to listen on their wireguard interface.
Diffstat (limited to 'profiles')
-rw-r--r-- | profiles/acme.nix | 18 | ||||
-rw-r--r-- | profiles/nas.nix | 2 |
2 files changed, 19 insertions, 1 deletions
diff --git a/profiles/acme.nix b/profiles/acme.nix
new file mode 100644
index 0000000..7fc62d3
--- /dev/null
+++ b/profiles/acme.nix
@@ -0,0 +1,18 @@
+{ pkgs, lib, config, ... }:
+let
+ secrets = config.age.secrets;
+in
+{
+ security.acme.acceptTerms = true;
+ security.acme.defaults = {
+ email = "le@fcuny.net";
+ dnsProvider = "gandiv5";
+ group = config.services.nginx.group;
+ credentialsFile = secrets."gandi/apikey".path;
+ dnsPropagationCheck = true;
+ };
+ security.acme.certs."${config.homelab.domain}" = {
+ domain = "*.${config.homelab.domain}";
+ extraDomainNames = [ config.homelab.domain ];
+ };
+}
diff --git a/profiles/nas.nix b/profiles/nas.nix
index d1033af..7dc92da 100644
--- a/profiles/nas.nix
+++ b/profiles/nas.nix
@@ -1,8 +1,8 @@
 { config, pkgs, ... }:
 {
 imports = [
- ./server.nix
 ./btrfs.nix
+ ./server.nix
 ];
 
 users.groups.nas.gid = 5000;
|
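Review bot: The `credentialsFile = secrets."gandi/apikey".path;` line in profiles/acme.nix carries no comment about what that file must contain or who may read it, and the age secret's declaration is not part of this diff (the view is limited to `profiles`). lego's gandiv5 provider reads the key from the `GANDIV5_API_KEY` variable, so the decrypted file has to be an env file, and that key can rewrite DNS for every zone the account holds, not only `config.homelab.domain`. I would add above the line `# env file: GANDIV5_API_KEY=...; grants DNS write on the whole Gandi account, keep the age secret owner root, mode 0400`. As far as I know the NixOS module hands the file to the unit as a systemd EnvironmentFile, which systemd reads before dropping privileges, so the secret should not need to be readable by the acme user or the nginx group; worth confirming against the secret definition. `pkgs` and `lib` in the argument set are unused in this file and could be dropped.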