summaryrefslogtreecommitdiffstats
path: root/krebs/1systems/ponte/config.nix
diff options
context:
space:
mode:
Diffstat (limited to 'krebs/1systems/ponte/config.nix')
-rw-r--r--krebs/1systems/ponte/config.nix20
1 files changed, 18 insertions, 2 deletions
diff --git a/krebs/1systems/ponte/config.nix b/krebs/1systems/ponte/config.nix
index 2f55995cf..8bb14d517 100644
--- a/krebs/1systems/ponte/config.nix
+++ b/krebs/1systems/ponte/config.nix
@@ -5,6 +5,7 @@
<stockholm/krebs>
<stockholm/krebs/2configs>
<stockholm/krebs/2configs/matterbridge.nix>
+ <stockholm/krebs/2configs/nameserver.nix>
];
networking.firewall.allowedTCPPorts = [ 80 443 ];
@@ -30,8 +31,23 @@
krebs.pages.enable = true;
krebs.pages.nginx.addSSL = true;
- krebs.pages.nginx.enableACME = true;
+ krebs.pages.nginx.useACMEHost = "krebsco.de";
security.acme.acceptTerms = true;
- security.acme.certs.${config.krebs.pages.domain}.email = "spam@krebsco.de";
+ security.acme.certs."krebsco.de" = {
+ domain = "krebsco.de";
+ extraDomainNames = [
+ "*.krebsco.de"
+ ];
+ email = "spam@krebsco.de";
+ reloadServices = [
+ "knsupdate-krebsco.de.service"
+ "nginx.service"
+ ];
+ keyType = "ec384";
+ dnsProvider = "rfc2136";
+ credentialsFile = "/var/src/secrets/acme-credentials";
+ };
+
+ users.users.nginx.extraGroups = [ "acme" ];
}