author | tv <tv@krebsco.de> | 2023-08-01 17:29:42 +0200 |
---|---|---|
committer | tv <tv@krebsco.de> | 2023-08-02 13:55:49 +0200 |
commit | 73a64cc57af95a876168151654f06277f91a2243 (patch) | |
tree | 90b0c52a5eb26a2fc83a147e289433f3edac2c68 | |
parent | 068fbd791257b3f3dc4cab7e11716171a8ef39fb (diff) |
ponte: use DNS-01 challenge
-rw-r--r-- | krebs/1systems/ponte/config.nix | 19 |
1 files changed, 17 insertions, 2 deletions
diff --git a/krebs/1systems/ponte/config.nix b/krebs/1systems/ponte/config.nix
index 0b9b1c563..8bb14d517 100644
--- a/krebs/1systems/ponte/config.nix
+++ b/krebs/1systems/ponte/config.nix
@@ -31,8 +31,23 @@
 krebs.pages.enable = true;
 krebs.pages.nginx.addSSL = true;
- krebs.pages.nginx.enableACME = true;
+ krebs.pages.nginx.useACMEHost = "krebsco.de";
 security.acme.acceptTerms = true;
- security.acme.certs.${config.krebs.pages.domain}.email = "spam@krebsco.de";
+ security.acme.certs."krebsco.de" = {
+ domain = "krebsco.de";
+ extraDomainNames = [
+ "*.krebsco.de"
+ ];
+ email = "spam@krebsco.de";
+ reloadServices = [
+ "knsupdate-krebsco.de.service"
+ "nginx.service"
+ ];
+ keyType = "ec384";
+ dnsProvider = "rfc2136";
+ credentialsFile = "/var/src/secrets/acme-credentials";
+ };
+
+ users.users.nginx.extraGroups = [ "acme" ];
 }
|
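Review bot: The last added line, `users.users.nginx.extraGroups = [ "acme" ];`, lets the nginx user read everything owned by the shared `acme` group rather than this one certificate, and the key it now reaches covers `*.krebsco.de` instead of only the pages domain. Scoping access on the certificate itself, `security.acme.certs."krebsco.de".group = config.services.nginx.group;`, would presumably keep nginx working without the group membership, provided nothing else on ponte (for example the knsupdate unit named in `reloadServices`, which is not visible here) reads this cert through the `acme` group. Separately, `credentialsFile` points at an RFC 2136 update credential whose scope cannot be checked from this hunk; a comment above it such as `# TSIG key must be limited to TXT updates on _acme-challenge.krebsco.de` would record the intended restriction. The enclosing attribute set begins above line 31, outside the hunk.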