authortv <tv@krebsco.de>2023-08-01 17:29:42 +0200
committertv <tv@krebsco.de>2023-08-02 13:55:49 +0200
commit73a64cc57af95a876168151654f06277f91a2243 (patch)
tree90b0c52a5eb26a2fc83a147e289433f3edac2c68 /krebs/1systems/ponte
parent068fbd791257b3f3dc4cab7e11716171a8ef39fb (diff)
ponte: use DNS-01 challenge
Diffstat (limited to 'krebs/1systems/ponte')
-rw-r--r--krebs/1systems/ponte/config.nix19
1 files changed, 17 insertions, 2 deletions
diff --git a/krebs/1systems/ponte/config.nix b/krebs/1systems/ponte/config.nix
index 0b9b1c563..8bb14d517 100644
--- a/krebs/1systems/ponte/config.nix
+++ b/krebs/1systems/ponte/config.nix
@@ -31,8 +31,23 @@
krebs.pages.enable = true;
krebs.pages.nginx.addSSL = true;
- krebs.pages.nginx.enableACME = true;
+ krebs.pages.nginx.useACMEHost = "krebsco.de";
security.acme.acceptTerms = true;
- security.acme.certs.${config.krebs.pages.domain}.email = "spam@krebsco.de";
+ security.acme.certs."krebsco.de" = {
+ domain = "krebsco.de";
+ extraDomainNames = [
+ "*.krebsco.de"
+ ];
+ email = "spam@krebsco.de";
+ reloadServices = [
+ "knsupdate-krebsco.de.service"
+ "nginx.service"
+ ];
+ keyType = "ec384";
+ dnsProvider = "rfc2136";
+ credentialsFile = "/var/src/secrets/acme-credentials";
+ };
+
+ users.users.nginx.extraGroups = [ "acme" ];
}
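Review bot: With `extraDomainNames = [ "*.krebsco.de" ]` this certificate is now a wildcard, and `users.users.nginx.extraGroups = [ "acme" ]` gives the nginx user read access to every key owned by the shared acme group, so a compromise of nginx on this host exposes a key valid for the whole domain. If nginx is the only consumer, setting the per-certificate `group` option would be narrower than joining the shared group; the hunk does not show which other certificates or services on ponte rely on the acme group, so this may not apply. The file named in `credentialsFile` presumably holds the DNS update credential for the `rfc2136` provider, and its scoping is not visible here; a comment above that line such as `# DNS update key: limit on the nameserver to TXT records under _acme-challenge.krebsco.de; file must not be world-readable` would record the expectation. It would also help to note in a comment why `knsupdate-krebsco.de.service` is reloaded on renewal, since the reason cannot be read from this change. The enclosing attribute set starts outside the hunk.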