AtaraxiaDev/nixos-config
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

feat: add acme module

Browse Source
This commit is contained in:
Dmitriy Kholkin 2025-07-08 20:06:38 +03:00
parent 91ed66d8fb
commit e8364fac08
Signed by: AtaraxiaDev
GPG Key ID: FD266B810DF48DF2
2 changed files with 40 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
hosts/orion/default.nix
View File

@ -103,6 +103,7 @@
]; ];
ataraxia.containers.tinyproxy.enable = true; ataraxia.containers.tinyproxy.enable = true;
ataraxia.security.acme.enable = true;
ataraxia.services.vaultwarden.enable = true; ataraxia.services.vaultwarden.enable = true;
ataraxia.virtualisation.guests = { ataraxia.virtualisation.guests = {

39
modules/nixos/security/acme.nix Normal file
View File

@ -0,0 +1,39 @@
{
config,
lib,
inputs,
...
}:
let
inherit (lib) mkEnableOption mkIf;
cfg = config.ataraxia.security.acme;
in
{
options.ataraxia.security.acme = {
enable = mkEnableOption "Default acme settings";
};
config = mkIf cfg.enable {
sops.secrets.cf-dns-api = {
sopsFile = inputs.self.secretsDir + /misc.yaml;
owner = "acme";
};
security.acme = {
acceptTerms = true;
# defaults.server = "https://acme-staging-v02.api.letsencrypt.org/directory"; # staging
defaults.server = "https://acme-v02.api.letsencrypt.org/directory"; # production
defaults.email = "admin@ataraxiadev.com";
defaults.renewInterval = "weekly";
certs = {
"ataraxiadev.com" = {
extraDomainNames = [ "*.ataraxiadev.com" ];
dnsResolver = "1.1.1.1:53";
dnsProvider = "cloudflare";
credentialFiles."CF_DNS_API_TOKEN_FILE" = config.sops.secrets.cf-dns-api.path;
};
};
};
persist.state.directories = [ "/var/lib/acme" ];
};
}