# NixOS module: personal.services.acme
#
# When `personal.services.acme.enable` is set, this module
#   * pins the `acme` user and group to the numeric id 400,
#   * requests a certificate for boerger.ws plus the wildcard *.boerger.ws
#     through the Cloudflare DNS provider, and
#   * provisions the provider credentials from an age-encrypted secret that
#     is owned by the `acme` user.
{ pkgs, lib, config, options, ... }:

let
  inherit (lib) mkEnableOption mkIf;

  cfg = config.personal.services.acme;

  # Attribute name of the age secret that holds the DNS provider credentials.
  credentials = "services/acme/credentials";
in
{
  options.personal.services.acme.enable = mkEnableOption "Acme";

  config = mkIf cfg.enable {
    # Static ids for the acme account.
    # NOTE(review): presumably pinned so that ownership of the certificate
    # state stays stable across rebuilds and hosts; confirm that 400 does not
    # collide with another static id in this configuration.
    ids.uids.acme = 400;
    ids.gids.acme = 400;

    users.users.acme.uid = config.ids.uids.acme;
    users.groups.acme.gid = config.ids.gids.acme;

    security.acme = {
      # Accepts the CA's terms of service on behalf of the operator.
      acceptTerms = true;

      # Units reloaded after a certificate is issued or renewed.
      # NOTE(review): nginx also needs read access to the issued key material;
      # no group membership is granted in this file, so verify that it is
      # configured elsewhere.
      defaults.reloadServices = [ "nginx" ];

      certs."boerger.ws" = {
        email = "hostmaster@boerger.ws";

        # Wildcard name, validated through the DNS provider set below.
        # A wildcard key covers every subdomain, so a leaked key affects all
        # of them; keep the set of services that can read it small.
        extraDomainNames = [ "*.boerger.ws" ];
        dnsProvider = "cloudflare";

        # Path of the decrypted secret; the value is only the path, the
        # secret content itself does not enter the Nix store from here.
        # The API token inside should be scoped to DNS edits on this single
        # zone rather than being an account-wide key.
        # NOTE(review): newer NixOS releases appear to name this option
        # `environmentFile`; confirm against the pinned nixpkgs.
        credentialsFile = config.age.secrets.${credentials}.path;
      };
    };

    # Encrypted at rest in the repository and decrypted on the host.
    # Only `owner` is set here; group and mode fall back to the age module's
    # defaults. NOTE(review): confirm those defaults keep the file
    # unreadable for other users.
    age.secrets.${credentials} = {
      file = ../../secrets/services/acme/credentials.age;
      owner = "acme";
    };
  };
}