From 40669f189aa158056fd080572852c73384adb02a Mon Sep 17 00:00:00 2001
From: Gregor Kleen <gkleen@yggdrasil.li>
Date: Sun, 19 Sep 2021 13:00:39 +0200
Subject: surtr: tls for all domains

---
 hosts/surtr/tls.nix | 27 +++++++++++++++------------
 1 file changed, 15 insertions(+), 12 deletions(-)

diff --git a/hosts/surtr/tls.nix b/hosts/surtr/tls.nix
index 9581dd60..773d9379 100644
--- a/hosts/surtr/tls.nix
+++ b/hosts/surtr/tls.nix
@@ -1,4 +1,7 @@
-{ config, pkgs, ... }:
+{ config, lib, pkgs, ... }:
+
+with lib;
+
 let
   knotCfg = config.services.knot;
   
@@ -49,20 +52,20 @@ in {
       };
 
     security.acme = {
-      server = "https://acme-staging-v02.api.letsencrypt.org/directory";
-      
       acceptTerms = true;
       preliminarySelfsigned = false;
       email = "phikeebaogobaegh@141.li";
-      certs = {
-        "rheperire.org" = {
-          domain = "rheperire.org";
-          extraDomainNames = [ "*.rheperire.org" ];
-          dnsProvider = "exec";
-          credentialsFile = knotDNSCredentials "rheperire.org";
-          dnsResolver = "1.1.1.1:53";
-        };
-      };
+      certs =
+        let
+          domains = ["dirty-haskell.org" "141.li" "xmpp.li" "yggdrasil.li" "praseodym.org" "rheperire.org" "kleen.li" "nights.email"];
+          domainAttrset = domain: {
+            inherit domain;
+            extraDomainNames = [ "*.${domain}" ];
+            dnsProvider = "exec";
+            credentialsFile = knotDNSCredentials domain;
+            dnsResolver = "1.1.1.1:53";
+          };
+        in genAttrs domains domainAttrset;
     };
 
     users.groups."knot".members = [ "acme" ];
-- 
cgit v1.2.3