43 lines
757 B
Nix
43 lines
757 B
Nix
{ pkgs, config, ... }:
|
|
{
|
|
# These ports need to be open for acme
|
|
networking.firewall.allowedTCPPorts = [
|
|
80
|
|
443
|
|
];
|
|
|
|
services.nginx = {
|
|
enable = true;
|
|
|
|
recommendedProxySettings = true;
|
|
recommendedTlsSettings = true;
|
|
};
|
|
|
|
age.secrets.acme = {
|
|
file = ../../secrets/acme.age;
|
|
owner = "acme";
|
|
group = "acme";
|
|
};
|
|
|
|
security.acme = {
|
|
acceptTerms = true;
|
|
|
|
defaults = {
|
|
group = config.services.nginx.group;
|
|
|
|
dnsProvider = "cloudflare";
|
|
|
|
email = "dezuttereluka@gmail.com";
|
|
|
|
credentialFiles = {
|
|
"CLOUDFLARE_DNS_API_TOKEN_FILE" = config.age.secrets.acme.path;
|
|
};
|
|
};
|
|
|
|
certs = {
|
|
"katkak.dev" = {
|
|
extraDomainNames = [ "*.katkak.dev" ];
|
|
};
|
|
};
|
|
};
|
|
}
|