From ec7b0f75b5abad46a0d3653741f3da113b665f02 Mon Sep 17 00:00:00 2001
From: Gregor Kleen
Date: Sat, 26 Mar 2022 16:27:43 +0100
Subject: certspotter
---
 hosts/surtr/tls/default.nix | 5 +++++
 1 file changed, 5 insertions(+)
(limited to 'hosts')
diff --git a/hosts/surtr/tls/default.nix b/hosts/surtr/tls/default.nix
index 6fbab9bd..d204a51d 100644
--- a/hosts/surtr/tls/default.nix
+++ b/hosts/surtr/tls/default.nix
@@ -108,5 +108,10 @@ in {
 };
 };
 in mapAttrs' (domain: nameValuePair "acme-${domain}") (genAttrs (attrNames config.security.acme.certs) serviceAttrset);
+
+ services.certspotter = {
+ watchList = map (domain: ".${domain}") (attrNames cfg.domains);
+ logs = "https://www.gstatic.com/ct/log_list/v2/all_logs_list.json";
+ };
 };
 }
-- cgit v1.2.3
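Review bot: The added `services.certspotter` block has no comment on either of its two settings, and both decide what this certificate-transparency monitor can actually detect. On `watchList` I would add `# leading dot: certspotter matches the domain itself and every subdomain`, and note that the list is built from `cfg.domains` while the ACME units just above are generated from `config.security.acme.certs`, so a name present only in the latter may go unwatched (the hunk does not show how the two sets relate). On `logs` a comment such as `# full CT log list, including logs browsers do not accept; fetched at runtime` would record why `all_logs_list.json` was chosen over the narrower list and that monitoring depends on this versioned v2 endpoint staying reachable. If that fetch ever fails, it should surface as an alerted unit failure rather than a silent gap in coverage. The enclosing attribute set opens outside this hunk.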