diff options
author | tv <tv@krebsco.de> | 2023-08-01 17:29:42 +0200 |
---|---|---|
committer | tv <tv@krebsco.de> | 2023-08-02 13:55:49 +0200 |
commit | 73a64cc57af95a876168151654f06277f91a2243 (patch) | |
tree | 90b0c52a5eb26a2fc83a147e289433f3edac2c68 /krebs/1systems/ponte | |
parent | 068fbd791257b3f3dc4cab7e11716171a8ef39fb (diff) |
ponte: use DNS-01 challenge
Diffstat (limited to 'krebs/1systems/ponte')
-rw-r--r-- | krebs/1systems/ponte/config.nix | 19 |
1 files changed, 17 insertions, 2 deletions
diff --git a/krebs/1systems/ponte/config.nix b/krebs/1systems/ponte/config.nix index 0b9b1c563..8bb14d517 100644 --- a/krebs/1systems/ponte/config.nix +++ b/krebs/1systems/ponte/config.nix @@ -31,8 +31,23 @@ krebs.pages.enable = true; krebs.pages.nginx.addSSL = true; - krebs.pages.nginx.enableACME = true; + krebs.pages.nginx.useACMEHost = "krebsco.de"; security.acme.acceptTerms = true; - security.acme.certs.${config.krebs.pages.domain}.email = "spam@krebsco.de"; + security.acme.certs."krebsco.de" = { + domain = "krebsco.de"; + extraDomainNames = [ + "*.krebsco.de" + ]; + email = "spam@krebsco.de"; + reloadServices = [ + "knsupdate-krebsco.de.service" + "nginx.service" + ]; + keyType = "ec384"; + dnsProvider = "rfc2136"; + credentialsFile = "/var/src/secrets/acme-credentials"; + }; + + users.users.nginx.extraGroups = [ "acme" ]; } |