mirror of
https://github.com/RGBCube/ncc
synced 2025-07-27 18:17:44 +00:00
26 lines
637 B
Nix
26 lines
637 B
Nix
{ config, lib, ... }: let
|
|
inherit (config.networking) domain;
|
|
inherit (lib) mkValue;
|
|
in {
|
|
options.security.acme.users = mkValue [];
|
|
|
|
config.secrets.acmeEnvironment.file = ./environment.age;
|
|
|
|
config.users.groups.acme.members = config.security.acme.users;
|
|
|
|
config.security.acme = {
|
|
acceptTerms = true;
|
|
|
|
defaults = {
|
|
environmentFile = config.secrets.acmeEnvironment.path;
|
|
dnsProvider = "cloudflare";
|
|
dnsResolver = "1.1.1.1";
|
|
email = "security@${domain}";
|
|
};
|
|
|
|
certs.${domain} = {
|
|
extraDomainNames = [ "*.${domain}" ];
|
|
group = "acme";
|
|
};
|
|
};
|
|
}
|