diff options
Diffstat (limited to 'krebs/1systems/ponte/config.nix')
-rw-r--r-- | krebs/1systems/ponte/config.nix | 20 |
1 files changed, 18 insertions, 2 deletions
diff --git a/krebs/1systems/ponte/config.nix b/krebs/1systems/ponte/config.nix index 2f55995cf..8bb14d517 100644 --- a/krebs/1systems/ponte/config.nix +++ b/krebs/1systems/ponte/config.nix @@ -5,6 +5,7 @@ <stockholm/krebs> <stockholm/krebs/2configs> <stockholm/krebs/2configs/matterbridge.nix> + <stockholm/krebs/2configs/nameserver.nix> ]; networking.firewall.allowedTCPPorts = [ 80 443 ]; @@ -30,8 +31,23 @@ krebs.pages.enable = true; krebs.pages.nginx.addSSL = true; - krebs.pages.nginx.enableACME = true; + krebs.pages.nginx.useACMEHost = "krebsco.de"; security.acme.acceptTerms = true; - security.acme.certs.${config.krebs.pages.domain}.email = "spam@krebsco.de"; + security.acme.certs."krebsco.de" = { + domain = "krebsco.de"; + extraDomainNames = [ + "*.krebsco.de" + ]; + email = "spam@krebsco.de"; + reloadServices = [ + "knsupdate-krebsco.de.service" + "nginx.service" + ]; + keyType = "ec384"; + dnsProvider = "rfc2136"; + credentialsFile = "/var/src/secrets/acme-credentials"; + }; + + users.users.nginx.extraGroups = [ "acme" ]; } |