mirror of
https://github.com/genebean/dots.git
synced 2026-03-27 09:27:44 -04:00
Gene Liverman
5047d93b86
- Rename modules/hosts/common to modules/shared - Split shared into home/general, home/linux, and nixos subdirectories - Update all import paths in lib/ and modules/hosts/ - Fix hardcoded /Users/ path to use config.home.homeDirectory - Update .sops.yaml path for secrets
25 lines
988 B
Nix
25 lines
988 B
Nix
{ config, username, ... }: {
|
|
|
|
##########################################################################
|
|
# #
|
|
# This module sets up Let's Encrypt certs via a DNS challenge to Gandi #
|
|
# #
|
|
##########################################################################
|
|
|
|
security.acme = {
|
|
acceptTerms = true;
|
|
defaults = {
|
|
email = "lets-encrypt@technicalissues.us";
|
|
credentialFiles = { "GANDIV5_PERSONAL_ACCESS_TOKEN_FILE" = "${config.sops.secrets.gandi_dns_pat.path}"; };
|
|
dnsProvider = "gandiv5";
|
|
dnsResolver = "ns1.gandi.net";
|
|
# uncomment below for testing
|
|
#server = "https://acme-staging-v02.api.letsencrypt.org/directory";
|
|
};
|
|
};
|
|
|
|
sops = {
|
|
age.keyFile = "${config.users.users.${username}.home}/.config/sops/age/keys.txt";
|
|
secrets.gandi_dns_pat.sopsFile = ../secrets.yaml;
|
|
};
|
|
}
|