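# NixOS module: issues two wildcard certificates through ACME DNS-01
# (Namecheap API) and builds the single-file PEM bundle that HAProxy loads.
{ config, pkgs, ...}: {
  security.acme.acceptTerms = true;
  security.acme.defaults.email = "acme@tempest.dev";

  # Both certificates authenticate with the same DNS-provider credentials.
  # That file grants control over the zone's DNS records, so it should be
  # owned by root and unreadable by anyone else (mode 0400/0600), and it must
  # stay out of the Nix store, which is world-readable.
  security.acme.certs."wildcard-irc.tempest.dev" = {
    # Members of this group can read the private key for *.irc.tempest.dev.
    group = "pounce";
    domain = "*.irc.tempest.dev";
    dnsProvider = "namecheap";
    credentialsFile = "/var/lib/secrets/namecheap.env";
  };

  security.acme.certs."wildcard-tempest.dev" = {
    # Members of this group can read the private key for *.tempest.dev.
    group = "haproxy";
    domain = "*.tempest.dev";
    dnsProvider = "namecheap";
    credentialsFile = "/var/lib/secrets/namecheap.env";
  };

  # HAProxy expects certificate chain and private key in one file, so this
  # unit concatenates them into combined.pem next to the ACME output.
  #
  # NOTE(review): this unit is only pulled in by multi-user.target, so it runs
  # at boot but not when the certificate is renewed; combined.pem then keeps
  # the old certificate until the next boot. Hooking the concatenation into
  # security.acme.certs.<name>.postRun (plus reloadServices for haproxy) would
  # cover renewals.
  # NOTE(review): the NixOS ACME module appears to write a full.pem (key plus
  # chain) into the same directory already; confirm whether HAProxy can load
  # that file directly, which would make this unit unnecessary.
  systemd.services."concat-wildcard-cert" = {
    enable = true;
    description = "Concat wildcard certificate for HAProxy";

    unitConfig = {
      # After= only orders the units; it does not pull the ACME target in.
      After = "acme-finished-wildcard-tempest.dev.target";
      Before = "haproxy.service";
    };

    serviceConfig = {
      # oneshot makes systemd wait for the command to exit before it counts
      # the unit as started. With "simple" the unit is considered started as
      # soon as the shell is spawned, so Before=haproxy.service did not
      # guarantee that combined.pem was complete when HAProxy read it.
      Type = "oneshot";
      Group = "haproxy";
      # combined.pem contains the private key. Without a restrictive umask the
      # redirect creates it world-readable (0644), leaving only the parent
      # directory's permissions to protect the key. 0027 yields 0640.
      # An already existing combined.pem keeps its old mode on truncation, so
      # check (and chmod) the file once after deploying this change.
      UMask = "0027";
      ExecStart = "/run/current-system/sw/bin/sh -c 'cat /var/lib/acme/wildcard-tempest.dev/fullchain.pem /var/lib/acme/wildcard-tempest.dev/key.pem > /var/lib/acme/wildcard-tempest.dev/combined.pem'";
    };

    wantedBy = [ "multi-user.target" ];
  };
}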