My Nix Configuration
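# ACME (Let's Encrypt) certificate for the mail host, issued with a DNS
# challenge through deSEC. The DNS provider credentials come from an
# agenix-encrypted secret rather than from the world-readable Nix store.
#
# Restored to one statement per line and stripped of the listing's line
# numbers: in the collapsed form every `#` comment swallowed the settings
# that followed it on the same line.
{ config, ... }:
{
  security.acme = {
    acceptTerms = true;
    # A single certificate for the mail host; the extra names are included
    # in that same certificate.
    certs."pyroxdev-mail" = {
      domain = "mail.pyrox.dev";
      extraDomainNames = [
        "dav.pyrox.dev"
        "mta-sts.pyrox.dev"
        "autoconfig.pyrox.dev"
        "autodiscover.pyrox.dev"
      ];
      # Reload the mail server after issuance/renewal so it serves the new cert.
      # NOTE(review): the stalwart-mail service user must be able to read the
      # issued key and certificate; this file does not show how that access
      # is granted (group membership or the cert's group) - confirm elsewhere.
      reloadServices = [ "stalwart-mail" ];
    };
    defaults = {
      # LE Production Server
      server = "https://acme-v02.api.letsencrypt.org/directory";
      email = "pyrox@pyrox.dev";
      # For DNS challenges, use deSEC (my provider)
      dnsProvider = "desec";
      # Enable DNS propagation checks (ensure DNS records exist before requesting certs)
      dnsPropagationCheck = true;
      # Recursive resolver the ACME client queries for its DNS lookups
      dnsResolver = "9.9.9.9:53";
      # Agenix-encrypted credentials for ACME.
      # The decrypted file holds the DNS provider API token, so anyone who can
      # read it can change whatever DNS records that token is allowed to edit.
      # NOTE(review): if the provider supports scoped tokens, limit this one
      # to the challenge records of the names above - confirm on the provider side.
      credentialsFile = config.age.secrets.acme-creds.path;
    };
  };
  # Decrypted at activation time and handed to the acme user only. No `mode`
  # is set here, so the agenix default applies (owner-read-only, as far as
  # the agenix documentation states - verify against the pinned version).
  age.secrets.acme-creds = {
    file = ../secrets/acme-creds.age;
    owner = "acme";
    group = "acme";
  };
}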