2025-05-22 09:44:38 +02:00
|
|
|
{
|
|
|
|
|
config,
|
|
|
|
|
lib,
|
|
|
|
|
pkgs,
|
|
|
|
|
...
|
2025-07-20 01:23:48 +02:00
|
|
|
}:
|
|
|
|
|
let
|
2025-05-22 09:44:38 +02:00
|
|
|
mkAcmeCert = domain: {
|
|
|
|
|
# An acme system user is created. This user belongs to the acme group
|
|
|
|
|
# and the home directory is /var/lib/acme. This user will try to make the directory
|
|
|
|
|
# .well-known/acme-challenge/ under the webroot directory.
|
2025-05-22 18:51:52 +02:00
|
|
|
webroot = "/var/lib/acme";
|
2025-05-22 09:44:38 +02:00
|
|
|
|
|
|
|
|
# email to send updates to, we prefix "acme" and the
|
|
|
|
|
# name of the domain the certificate is for to it.
|
2025-05-22 18:32:26 +02:00
|
|
|
email = "charlie@charlieroot.dev";
|
2025-05-22 09:44:38 +02:00
|
|
|
group = "nginx";
|
|
|
|
|
};
|
2025-07-20 01:23:48 +02:00
|
|
|
in
|
|
|
|
|
{
|
2025-05-22 09:44:38 +02:00
|
|
|
security.acme = {
|
|
|
|
|
acceptTerms = true;
|
|
|
|
|
defaults = {
|
|
|
|
|
email = "charlie@charlieroot.dev";
|
|
|
|
|
# testing server, do not use in production, but DO use it for setting things up.
|
|
|
|
|
# it has much higher rate limits.
|
|
|
|
|
# server = "https://acme-staging-v02.api.letsencrypt.org/directory";
|
|
|
|
|
};
|
2025-05-22 18:26:31 +02:00
|
|
|
certs = {
|
2025-05-22 22:06:43 +02:00
|
|
|
# "copeberg.org" = mkAcmeCert "copeberg.org";
|
|
|
|
|
# "info.copeberg.org" = mkAcmeCert "info.copeberg.org";
|
|
|
|
|
# "mail.charlieroot.dev" = mkAcmeCert "mail.charlieroot.dev";
|
2025-05-22 18:26:31 +02:00
|
|
|
};
|
2025-05-22 09:44:38 +02:00
|
|
|
};
|
|
|
|
|
}
|
