My Nix Configuration
# ACME certificate settings for Stalwart, validated with the DNS-01 challenge
# through the deSEC DNS API (no inbound port is needed for validation).
# https://stalw.art/docs/server/tls/acme/configuration
#
# NOTE(review): the previous header said TLS-ALPN-01, but the challenge set
# below is "dns-01"; the comment now follows the configuration.
{ cfg, sec }:
let
  # Let's Encrypt *staging* directory: certificates issued by it are not
  # publicly trusted.
  # NOTE(review): this provider is also marked `default = true`, so confirm
  # staging is intentional. The mail and MTA-STS hosts listed below need a
  # publicly trusted certificate before real clients and sending MTAs will
  # accept them; the production directory is
  # https://acme-v02.api.letsencrypt.org/directory
  acmeDirectory = "https://acme-staging-v02.api.letsencrypt.org/directory";

  # Hostnames requested on the certificate.
  certHosts = [
    "mail.pyrox.dev"
    "mta-sts.pyrox.dev"
    "autoconfig.pyrox.dev"
    "autodiscover.pyrox.dev"
  ];

  # The deSEC API token is referenced by file path through Stalwart's
  # %{file:...}% macro, so the token value itself does not appear in this
  # expression.
  # NOTE(review): presumably `sec.<name>.path` is a runtime secret path -
  # verify that only the Stalwart service user can read it. A token that can
  # edit DNS can obtain certificates for the zone, so scope it as narrowly as
  # the provider allows.
  dnsToken = "%{file:${sec.stalwart-desec-token.path}}%";

  # Location under the service data directory used as the ACME cache.
  # NOTE(review): presumably holds issued certificates and keys - confirm the
  # directory is not readable by other users.
  certCache = "${cfg.dataDir}/acme/certs";
in
{
  letsencrypt = {
    directory = acmeDirectory;
    challenge = "dns-01";
    provider = "desec";
    secret = dnsToken;
    contact = [ "pyrox@pyrox.dev" ];
    domains = certHosts;
    cache = certCache;
    renew-before = "30d";
    default = true;
  };
}