systems/koumakan/certificates/default.nix at refactor/move-global-system-config · soopy.moe/gensokyo

soopy.moe / gensokyo

nixos config

gensokyo / systems / koumakan / certificates / default.nix

at refactor/move-global-system-config 629 B view raw

 1{...}: {
 2  imports = [
 3    ./global.nix
 4    ./postgresql.nix
 5    ./fediverse.nix
 6  ];
 7
 8  security.acme = {
 9    defaults = {
10      # == lego Configuration ==
11      credentialsFile = "/etc/lego/desec";
12      dnsProvider = "desec";
13      # In a more ideal world we would have an eddsa algo here but oh well
14      keyType = "ec256"; # Ensure we use ec keys
15
16      dnsResolver = "8.8.8.8:53";
17
18      # == LE Configuration ==
19      email = "me@soopy.moe";
20      # server = "https://acme-staging-v02.api.letsencrypt.org/directory";
21      server = "https://acme-v02.api.letsencrypt.org/directory";
22    };
23
24    acceptTerms = true;
25  };
26}