-rw-r--r-- | hosts/surtr/tls.nix | 14 |
1 files changed, 12 insertions, 2 deletions
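--- a/hosts/surtr/tls.nix
+++ b/hosts/surtr/tls.nix
@@ -44,6 +44,8 @@ let
 ${knotCfg.cliWrappers}/bin/knotc zone-commit "${zone}"
 commited=yes
 '';
+
+domains = ["dirty-haskell.org" "141.li" "xmpp.li" "yggdrasil.li" "praseodym.org" "rheperire.org" "kleen.li" "nights.email"];
 in {
 config = {
 fileSystems."/var/lib/acme" =
@@ -57,7 +59,6 @@ in {
 email = "phikeebaogobaegh@141.li";
 certs =
 let
-domains = ["dirty-haskell.org" "141.li" "xmpp.li" "yggdrasil.li" "praseodym.org" "rheperire.org" "kleen.li" "nights.email"];
 domainAttrset = domain: {
 inherit domain;
 extraDomainNames = [ "*.${domain}" ];
@@ -68,6 +69,15 @@ in {
 in genAttrs domains domainAttrset;
 };
 
-users.groups."knot".members = [ "acme" ];
+systemd.services =
+let
+serviceAttrset = domain: {
+bindsTo = [ "knot.service" ];
+serviceConfig = {
+ReadWritePaths = ["/run/knot/knot.sock"];
+SupplementaryGroups = ["knot"];
+};
+};
+in mapAttrs' (domain: nameValuePair "acme-${domain}") (genAttrs domains serviceAttrset);
 };
 }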
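Review bot: `bindsTo = [ "knot.service" ]` in `serviceAttrset` has no matching `after`, and systemd's BindsTo= does not order units by itself, so an `acme-<domain>` unit can be started before knot has created `/run/knot/knot.sock`; with `ReadWritePaths` naming a path that does not exist yet, the unit's namespace setup would be expected to fail. Adding `after = [ "knot.service" ];` beside `bindsTo` closes that gap, unless the ACME module already orders these units after knot, which is not visible here. Moving the grant from the `acme` user to `SupplementaryGroups` on the per-domain units narrows who can reach the socket, but membership in `knot` presumably still permits every `knotc` operation rather than only the zone update the hook performs, so a comment such as `# knot group is needed to reach /run/knot/knot.sock from the knotc hook` above `SupplementaryGroups` would record why it is granted. `serviceAttrset` also takes `domain` without using it.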