nixos-config/profiles/servers/acme.nix

{ config, inputs, ... }: {
  sops.secrets.cf-dns-api = {
    sopsFile = inputs.self.secretsDir + /misc.yaml;
    owner = "acme";
  };
  security.acme = {
    acceptTerms = true;
    # defaults.server = "https://acme-staging-v02.api.letsencrypt.org/directory"; # staging
    defaults.server = "https://acme-v02.api.letsencrypt.org/directory"; # production
    defaults.email = "admin@ataraxiadev.com";
    defaults.renewInterval = "weekly";
    certs = {
      "ataraxiadev.com" = {
        extraDomainNames = [ "*.ataraxiadev.com" ];
        dnsResolver = "1.1.1.1:53";
        dnsProvider = "cloudflare";
        credentialFiles."CF_DNS_API_TOKEN_FILE" = config.sops.secrets.cf-dns-api.path;
      };
    };
  };
  persist.state.directories = [ "/var/lib/acme" ];
}
use dns-01 challenge 2024-02-09 21:21:14 +03:00			`{ config, inputs, ... }: {`
			`sops.secrets.cf-dns-api = {`
			`sopsFile = inputs.self.secretsDir + /misc.yaml;`
			`owner = "acme";`
			`};`
wip 2023-01-13 04:03:15 +03:00			`security.acme = {`
			`acceptTerms = true;`
			`# defaults.server = "https://acme-staging-v02.api.letsencrypt.org/directory"; # staging`
			`defaults.server = "https://acme-v02.api.letsencrypt.org/directory"; # production`
change acme email address 2023-04-25 17:31:19 +03:00			`defaults.email = "admin@ataraxiadev.com";`
wip 2023-01-13 04:03:15 +03:00			`defaults.renewInterval = "weekly";`
use dns-01 challenge 2024-02-09 21:21:14 +03:00			`certs = {`
			`"ataraxiadev.com" = {`
			`extraDomainNames = [ "*.ataraxiadev.com" ];`
			`dnsResolver = "1.1.1.1:53";`
			`dnsProvider = "cloudflare";`
			`credentialFiles."CF_DNS_API_TOKEN_FILE" = config.sops.secrets.cf-dns-api.path;`
			`};`
			`};`
wip 2023-01-13 04:03:15 +03:00			`};`
use dns-01 challenge 2024-02-09 21:21:14 +03:00			`persist.state.directories = [ "/var/lib/acme" ];`
wip 2023-01-13 04:03:15 +03:00			`}`