nix-dotfiles/services/acme.nix

{ config, pkgs, lib, ... }:
{  
  #declare secrets
  sops.secrets."acme/certs" = {  };

  networking.enableIPv6 = false; #For some reason acme only works without ipv6, probably because of missing AAAA records. 
  networking.domain = "lauterer.it";
  #acme and certs helpful blog https://carjorvaz.com/posts/
  security.acme = {
    acceptTerms = true;
    defaults.email = "adrian+acme@lauterer.it";
    certs."${config.networking.domain}" = {
      domain = "${config.networking.domain}";
      extraDomainNames = [ 
        "*.${config.networking.domain}"
        #"lb0fj.eu"
        #"*.lb0fj.eu"
        "256.no"
        "*.256.no"
        "*.addictedmaker.eu"
        "addictedmaker.eu"
      ];
      
      ## for testing.
      #server = "https://acme-staging-v02.api.letsencrypt.org/directory"; 
      #enableDebugLogs = true;

      #legos registrar specific stuff. 
      dnsResolver = "ns1.hyp.net:53";
      dnsProvider = "domeneshop";   # from here according to provider https://go-acme.github.io/lego/dns/ 
      dnsPropagationCheck = true;
      #need to manually create this file according to dnsprovider secrets, and format of key according to lego in privider and add to secrets.yaml
      credentialsFile =  config.sops.secrets."acme/certs".path; 
    };
  };

  #add proxyserver to acme group
  users.users.nginx.extraGroups = [ "acme" ];
  users.users.root.extraGroups = [ "acme" ];
}
refactoring + new services, profiles and updates 2024-04-19 14:22:06 +02:00			`{ config, pkgs, lib, ... }:`
			`{`
			`#declare secrets`
			`sops.secrets."acme/certs" = { };`

			`networking.enableIPv6 = false; #For some reason acme only works without ipv6, probably because of missing AAAA records.`
			`networking.domain = "lauterer.it";`
			`#acme and certs helpful blog https://carjorvaz.com/posts/`
			`security.acme = {`
			`acceptTerms = true;`
			`defaults.email = "adrian+acme@lauterer.it";`
			`certs."${config.networking.domain}" = {`
			`domain = "${config.networking.domain}";`
			`extraDomainNames = [`
			`"*.${config.networking.domain}"`
temporarily removed lb0fj from acme 2024-04-28 14:54:21 +02:00			`#"lb0fj.eu"`
			`#"*.lb0fj.eu"`
Update acme.nix added domains 2024-04-26 16:44:02 +02:00			`"256.no"`
			`"*.256.no"`
			`"*.addictedmaker.eu"`
			`"addictedmaker.eu"`
refactoring + new services, profiles and updates 2024-04-19 14:22:06 +02:00			`];`

			`## for testing.`
			`#server = "https://acme-staging-v02.api.letsencrypt.org/directory";`
			`#enableDebugLogs = true;`

			`#legos registrar specific stuff.`
			`dnsResolver = "ns1.hyp.net:53";`
			`dnsProvider = "domeneshop"; # from here according to provider https://go-acme.github.io/lego/dns/`
			`dnsPropagationCheck = true;`
			`#need to manually create this file according to dnsprovider secrets, and format of key according to lego in privider and add to secrets.yaml`
			`credentialsFile = config.sops.secrets."acme/certs".path;`
			`};`
			`};`

			`#add proxyserver to acme group`
			`users.users.nginx.extraGroups = [ "acme" ];`
			`users.users.root.extraGroups = [ "acme" ];`
			`}`