summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--hosts/surtr/tls.nix27
1 files changed, 15 insertions, 12 deletions
diff --git a/hosts/surtr/tls.nix b/hosts/surtr/tls.nix
index 9581dd60..773d9379 100644
--- a/hosts/surtr/tls.nix
+++ b/hosts/surtr/tls.nix
@@ -1,4 +1,7 @@
1{ config, pkgs, ... }: 1{ config, lib, pkgs, ... }:
2
3with lib;
4
2let 5let
3 knotCfg = config.services.knot; 6 knotCfg = config.services.knot;
4 7
@@ -49,20 +52,20 @@ in {
49 }; 52 };
50 53
51 security.acme = { 54 security.acme = {
52 server = "https://acme-staging-v02.api.letsencrypt.org/directory";
53
54 acceptTerms = true; 55 acceptTerms = true;
55 preliminarySelfsigned = false; 56 preliminarySelfsigned = false;
56 email = "phikeebaogobaegh@141.li"; 57 email = "phikeebaogobaegh@141.li";
57 certs = { 58 certs =
58 "rheperire.org" = { 59 let
59 domain = "rheperire.org"; 60 domains = ["dirty-haskell.org" "141.li" "xmpp.li" "yggdrasil.li" "praseodym.org" "rheperire.org" "kleen.li" "nights.email"];
60 extraDomainNames = [ "*.rheperire.org" ]; 61 domainAttrset = domain: {
61 dnsProvider = "exec"; 62 inherit domain;
62 credentialsFile = knotDNSCredentials "rheperire.org"; 63 extraDomainNames = [ "*.${domain}" ];
63 dnsResolver = "1.1.1.1:53"; 64 dnsProvider = "exec";
64 }; 65 credentialsFile = knotDNSCredentials domain;
65 }; 66 dnsResolver = "1.1.1.1:53";
67 };
68 in genAttrs domains domainAttrset;
66 }; 69 };
67 70
68 users.groups."knot".members = [ "acme" ]; 71 users.groups."knot".members = [ "acme" ];