19 lines
563 B
Nix
19 lines
563 B
Nix
{ ... }: {
|
|
security.acme = {
|
|
acceptTerms = true;
|
|
defaults.email = "aveeryy@protonmail.com";
|
|
# Temporarily use staging server for testing
|
|
defaults.server = "https://acme-staging-v02.api.letsencrypt.org/directory";
|
|
certs."rcia.dev" = {
|
|
credentialFiles.CLOUDFLARE_DNS_API_TOKEN_FILE =
|
|
"/run/secrets/cloudflare_api_token";
|
|
dnsProvider = "cloudflare";
|
|
group = "nginx";
|
|
webroot = null;
|
|
};
|
|
};
|
|
sops.secrets."cloudflare/api_token" = {
|
|
path = "/run/secrets/cloudflare_api_token";
|
|
group = "acme";
|
|
};
|
|
}
|