# NixOS module: ACME certificate issuance for pyrox.dev via a DNS challenge.
# Takes the module system's `config` so it can reference the decrypted secret path.
# NOTE(review): `security.acme.acceptTerms` is not set in this file; presumably
# it is set in another module. Confirm.
{ config, ... }:
{
  # One wildcard certificate, stored under the name "pyrox.dev".
  # NOTE(review): "*.pyrox.dev" does not match the bare apex "pyrox.dev"; if the
  # apex is served over TLS it needs its own name on a certificate. Confirm.
  security.acme.certs."pyrox.dev".domain = "*.pyrox.dev";

  # Settings inherited by every certificate declared under security.acme.certs.
  security.acme.defaults = {
    # --- CA and account ---
    # Let's Encrypt production directory. Production is rate-limited, so use the
    # staging directory while testing changes to this module.
    server = "https://acme-v02.api.letsencrypt.org/directory";
    # Contact address registered with the ACME account.
    email = "pyrox@pyrox.dev";

    # --- Key and certificate properties ---
    # Use EC-384 instead of the default, EC-256.
    keyType = "ec384";
    # Request the OCSP Must-Staple extension
    # (see https://blog.apnic.net/2019/01/15/is-the-web-ready-for-ocsp-must-staple/ ).
    # Clients that enforce the extension reject a handshake without a stapled
    # OCSP response, so every service using this certificate must staple.
    # NOTE(review): Let's Encrypt announced the retirement of its OCSP service
    # in 2025, including refusing Must-Staple orders. Confirm that issuance and
    # renewal still succeed against this CA with this flag set.
    ocspMustStaple = true;

    # --- DNS challenge ---
    # Solve the challenge through ClouDNS, the author's DNS provider. A wildcard
    # name can only be validated with a DNS challenge.
    dnsProvider = "cloudns";
    # Ensure the challenge record exists in DNS before requesting certificates.
    dnsPropagationCheck = true;
    # ClouDNS API credentials, read from the agenix-managed secret `acme-creds`.
    # Only the path is referenced, so the credential values are not in this file.
    # NOTE(review): the `age.secrets.acme-creds` declaration is outside this
    # file. Check that its owner and mode limit reads to the ACME service user,
    # and that the API credentials are scoped as narrowly as ClouDNS allows.
    credentialsFile = config.age.secrets.acme-creds.path;
  };
}