summaryrefslogtreecommitdiffstats
path: root/krebs/1systems/ponte/config.nix
diff options
context:
space:
mode:
authorlassulus <git@lassul.us>2023-09-04 10:56:33 +0200
committerlassulus <git@lassul.us>2023-09-04 10:56:33 +0200
commitdf62e24584a38d680018bfcab18821d12b0b1d13 (patch)
tree84906536fcdaf4857ed6b491dd50aad15106ea70 /krebs/1systems/ponte/config.nix
parent591680e58f94e2fc6a65378c0baf190c2f2a5b68 (diff)
parentda3c1f05f595ac6919f26e994094d5513936a06e (diff)
Merge remote-tracking branch 'ni/master'
Diffstat (limited to 'krebs/1systems/ponte/config.nix')
-rw-r--r--krebs/1systems/ponte/config.nix20
1 files changed, 18 insertions, 2 deletions
diff --git a/krebs/1systems/ponte/config.nix b/krebs/1systems/ponte/config.nix
index 2f55995cf..8bb14d517 100644
--- a/krebs/1systems/ponte/config.nix
+++ b/krebs/1systems/ponte/config.nix
@@ -5,6 +5,7 @@
<stockholm/krebs>
<stockholm/krebs/2configs>
<stockholm/krebs/2configs/matterbridge.nix>
+ <stockholm/krebs/2configs/nameserver.nix>
];
networking.firewall.allowedTCPPorts = [ 80 443 ];
@@ -30,8 +31,23 @@
krebs.pages.enable = true;
krebs.pages.nginx.addSSL = true;
- krebs.pages.nginx.enableACME = true;
+ krebs.pages.nginx.useACMEHost = "krebsco.de";
security.acme.acceptTerms = true;
- security.acme.certs.${config.krebs.pages.domain}.email = "spam@krebsco.de";
+ security.acme.certs."krebsco.de" = {
+ domain = "krebsco.de";
+ extraDomainNames = [
+ "*.krebsco.de"
+ ];
+ email = "spam@krebsco.de";
+ reloadServices = [
+ "knsupdate-krebsco.de.service"
+ "nginx.service"
+ ];
+ keyType = "ec384";
+ dnsProvider = "rfc2136";
+ credentialsFile = "/var/src/secrets/acme-credentials";
+ };
+
+ users.users.nginx.extraGroups = [ "acme" ];
}