diff options
author | lassulus <git@lassul.us> | 2023-09-04 10:56:33 +0200 |
---|---|---|
committer | lassulus <git@lassul.us> | 2023-09-04 10:56:33 +0200 |
commit | df62e24584a38d680018bfcab18821d12b0b1d13 (patch) | |
tree | 84906536fcdaf4857ed6b491dd50aad15106ea70 /krebs/1systems/ponte/config.nix | |
parent | 591680e58f94e2fc6a65378c0baf190c2f2a5b68 (diff) | |
parent | da3c1f05f595ac6919f26e994094d5513936a06e (diff) |
Merge remote-tracking branch 'ni/master'
Diffstat (limited to 'krebs/1systems/ponte/config.nix')
-rw-r--r-- | krebs/1systems/ponte/config.nix | 20 |
1 files changed, 18 insertions, 2 deletions
diff --git a/krebs/1systems/ponte/config.nix b/krebs/1systems/ponte/config.nix index 2f55995cf..8bb14d517 100644 --- a/krebs/1systems/ponte/config.nix +++ b/krebs/1systems/ponte/config.nix @@ -5,6 +5,7 @@ <stockholm/krebs> <stockholm/krebs/2configs> <stockholm/krebs/2configs/matterbridge.nix> + <stockholm/krebs/2configs/nameserver.nix> ]; networking.firewall.allowedTCPPorts = [ 80 443 ]; @@ -30,8 +31,23 @@ krebs.pages.enable = true; krebs.pages.nginx.addSSL = true; - krebs.pages.nginx.enableACME = true; + krebs.pages.nginx.useACMEHost = "krebsco.de"; security.acme.acceptTerms = true; - security.acme.certs.${config.krebs.pages.domain}.email = "spam@krebsco.de"; + security.acme.certs."krebsco.de" = { + domain = "krebsco.de"; + extraDomainNames = [ + "*.krebsco.de" + ]; + email = "spam@krebsco.de"; + reloadServices = [ + "knsupdate-krebsco.de.service" + "nginx.service" + ]; + keyType = "ec384"; + dnsProvider = "rfc2136"; + credentialsFile = "/var/src/secrets/acme-credentials"; + }; + + users.users.nginx.extraGroups = [ "acme" ]; } |