mirror of
https://github.com/genebean/dots.git
synced 2026-03-27 09:27:44 -04:00
Gene Liverman
c1a53997ce
- Add deadnix, nixfmt, and statix to flake inputs - Add formatter output to flake for nix fmt support - Add deadnix, nixfmt, statix to Home Manager packages - Format all nix files with nixfmt - Add GitHub Actions workflow for CI validation - Support x86_64-darwin in formatter
28 lines
1,002 B
Nix
28 lines
1,002 B
Nix
{ config, username, ... }:
|
|
{
|
|
|
|
##########################################################################
|
|
# #
|
|
# This module sets up Let's Encrypt certs via a DNS challenge to Gandi #
|
|
# #
|
|
##########################################################################
|
|
|
|
security.acme = {
|
|
acceptTerms = true;
|
|
defaults = {
|
|
email = "lets-encrypt@technicalissues.us";
|
|
credentialFiles = {
|
|
"GANDIV5_PERSONAL_ACCESS_TOKEN_FILE" = "${config.sops.secrets.gandi_dns_pat.path}";
|
|
};
|
|
dnsProvider = "gandiv5";
|
|
dnsResolver = "ns1.gandi.net";
|
|
# uncomment below for testing
|
|
#server = "https://acme-staging-v02.api.letsencrypt.org/directory";
|
|
};
|
|
};
|
|
|
|
sops = {
|
|
age.keyFile = "${config.users.users.${username}.home}/.config/sops/age/keys.txt";
|
|
secrets.gandi_dns_pat.sopsFile = ../secrets.yaml;
|
|
};
|
|
}
|