author | Gregor Kleen <gkleen@yggdrasil.li> | 2021-09-19 13:00:39 +0200 |
---|---|---|
committer | Gregor Kleen <gkleen@yggdrasil.li> | 2021-09-19 13:00:39 +0200 |
commit | 40669f189aa158056fd080572852c73384adb02a (patch) | |
tree | 1612dc29935e2995ce202797035d5627c0b85d19 | |
parent | d2816d0c1821ffc9932e52c6fa315e69997472f4 (diff) | |
surtr: tls for all domains
-rw-r--r-- | hosts/surtr/tls.nix | 27 |
1 files changed, 15 insertions, 12 deletions
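--- a/hosts/surtr/tls.nix
+++ b/hosts/surtr/tls.nix
@@ -1,4 +1,7 @@
-{ config, pkgs, ... }:
+{ config, lib, pkgs, ... }:
+
+with lib;
+
 let
 knotCfg = config.services.knot;
 
@@ -49,20 +52,20 @@ in {
 };
 
 security.acme = {
-server = "https://acme-staging-v02.api.letsencrypt.org/directory";
-
 acceptTerms = true;
 preliminarySelfsigned = false;
 email = "phikeebaogobaegh@141.li";
-certs = {
-"rheperire.org" = {
-domain = "rheperire.org";
-extraDomainNames = [ "*.rheperire.org" ];
-dnsProvider = "exec";
-credentialsFile = knotDNSCredentials "rheperire.org";
-dnsResolver = "1.1.1.1:53";
-};
-};
+certs =
+let
+domains = ["dirty-haskell.org" "141.li" "xmpp.li" "yggdrasil.li" "praseodym.org" "rheperire.org" "kleen.li" "nights.email"];
+domainAttrset = domain: {
+inherit domain;
+extraDomainNames = [ "*.${domain}" ];
+dnsProvider = "exec";
+credentialsFile = knotDNSCredentials domain;
+dnsResolver = "1.1.1.1:53";
+};
+in genAttrs domains domainAttrset;
 };
 
 users.groups."knot".members = [ "acme" ];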
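Review bot: With the staging `server` line removed, `domainAttrset` now requests a production certificate for each of the eight zones and adds `*.${domain}` to every one, so a compromise of this host or of the per-zone credentials exposes valid wildcard keys for all of them. `knotDNSCredentials` is defined outside the hunk, so it is not visible whether the file it returns is kept out of the world-readable Nix store or whether the update rights behind it are limited to the `_acme-challenge` TXT record of that one zone; I would state that at the call site, e.g. `# per-zone credentials: may only update _acme-challenge.<domain> TXT, file lives outside /nix/store`. If some zones only ever serve a fixed set of names, listing those in `extraDomainNames` instead of the wildcard would narrow what a stolen key can impersonate. On style, `with lib;` in the first hunk is pulled in for a single `genAttrs`; `in lib.genAttrs domains domainAttrset;` keeps the file's scope explicit.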