From 40669f189aa158056fd080572852c73384adb02a Mon Sep 17 00:00:00 2001
From: Gregor Kleen
Date: Sun, 19 Sep 2021 13:00:39 +0200
Subject: surtr: tls for all domains
---
 hosts/surtr/tls.nix | 27 +++++++++++++++------------
 1 file changed, 15 insertions(+), 12 deletions(-)
diff --git a/hosts/surtr/tls.nix b/hosts/surtr/tls.nix
index 9581dd60..773d9379 100644
--- a/hosts/surtr/tls.nix
+++ b/hosts/surtr/tls.nix
@@ -1,4 +1,7 @@
-{ config, pkgs, ... }:
+{ config, lib, pkgs, ... }:
+
+with lib;
+
 let knotCfg = config.services.knot;
@@ -49,20 +52,20 @@ in {
 };
 security.acme = {
- server = "https://acme-staging-v02.api.letsencrypt.org/directory";
-
 acceptTerms = true;
 preliminarySelfsigned = false;
 email = "phikeebaogobaegh@141.li";
- certs = {
- "rheperire.org" = {
- domain = "rheperire.org";
- extraDomainNames = [ "*.rheperire.org" ];
- dnsProvider = "exec";
- credentialsFile = knotDNSCredentials "rheperire.org";
- dnsResolver = "1.1.1.1:53";
- };
- };
+ certs =
+ let
+ domains = ["dirty-haskell.org" "141.li" "xmpp.li" "yggdrasil.li" "praseodym.org" "rheperire.org" "kleen.li" "nights.email"];
+ domainAttrset = domain: {
+ inherit domain;
+ extraDomainNames = [ "*.${domain}" ];
+ dnsProvider = "exec";
+ credentialsFile = knotDNSCredentials domain;
+ dnsResolver = "1.1.1.1:53";
+ };
+ in genAttrs domains domainAttrset;
 };
 users.groups."knot".members = [ "acme" ];
--
cgit v1.2.3
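Review bot: The file-scope `with lib;` added in the first hunk pulls every name from `lib` into scope for what appears, in the visible hunks, to be a single use (`genAttrs`), which makes it harder to see where identifiers in this TLS configuration come from. A narrower form keeps the origin explicit: drop the `with lib;` line and write `in lib.genAttrs domains domainAttrset;`, or add `inherit (lib) genAttrs;` to the existing `let`. The rest of the file is outside the hunks, so other uses of `lib` names may exist there.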
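Review bot: In `domainAttrset` (second hunk), `extraDomainNames = [ "*.${domain}" ]` now requests a wildcard certificate for each of the eight listed zones on this one host, so the private keys held in this host's ACME state cover every subdomain of every zone, and nothing in the visible lines documents that scope or who may read the keys. The same hunk removes the staging `server` line, so these orders presumably go to the module's default production directory, where a failing `exec` hook would consume real rate limits. I would add a comment above the list, `# One wildcard cert per zone via DNS-01; keep in sync with the zones knot serves and the per-zone credentials from knotDNSCredentials.`, and, if the zone data does not already have them, CAA records restricting issuance to this CA and the dns-01 method. The `security.acme` block opens inside the hunk, but the enclosing module body starts and ends outside it.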