nixos-conf/services/acme-cert-store.nix
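# ACME certificates for vsinerva.fi (DNS-01 via OVH), exported to a dedicated
# low-privilege "cert-store" account so other hosts can fetch them over SSH
# without being granted access to /var/lib/acme itself.
{ config, ... }:
let
  # Export location inside the cert-store home. Bound lazily, so referring to
  # the user's home here is no different from the inline reference it replaces.
  certStoreHome = config.users.users."cert-store".home;
  exportDir = "${certStoreHome}/acme";
in
{
  # Export-only account. NixOS creates a normal user's home with mode 0700 by
  # default, so the exported files are reachable only by this user and root.
  users.users."cert-store" = {
    isNormalUser = true;
    description = "Read-only access to certs";
    # Dedicated primary group: the exported key is made group-readable for
    # exactly this account rather than for everyone in the shared "users" group.
    group = "cert-store";
    # Every key that may log in as root may also log in here (a strict subset
    # of what those keys already have), plus the two consumer hosts.
    openssh.authorizedKeys.keys = config.users.users.root.openssh.authorizedKeys.keys ++ [
      # NOTE(review): the consumer keys could be limited with authorized_keys
      # options (`restrict,command=...`) so they can only read the export
      # directory — left unchanged here because the fetch method is not visible.
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHj2PK6LHsanSqaz8Gf/VqHaurd5e6Y7KnZNBiHb9adT nextcloud"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDiJZWlmiEkVzlf5/KV/jKkCGlgp8mnEeCnwk/dhdctJ gitea"
    ];
  };
  users.groups."cert-store" = { };

  security.acme = {
    acceptTerms = true;
    # One certificate for the apex plus a wildcard; a wildcard requires the
    # DNS-01 challenge configured in `defaults`.
    certs."vsinerva.fi".extraDomainNames = [ "*.vsinerva.fi" ];
    defaults = {
      email = "vili.m.sinerva@gmail.com";
      # OVH API credentials for lego. Lives outside the Nix store; it must be
      # readable only by root and the acme user (not enforced by this file).
      environmentFile = "/var/lib/acme/dns-creds";
      dnsProvider = "ovh";
      extraLegoFlags = [
        "--dns.propagation-wait"
        "60s"
      ];
      # Runs after a (re)issued certificate goes live. The relative paths rely
      # on the acme module running this hook inside the certificate directory.
      # `install` writes each file with its final owner and mode in one step
      # (root-owned, group cert-store, 0440), so the private key is never
      # world-readable — the previous `cp` followed by `chmod o+r` left
      # key.pem readable by any local user that could traverse the home.
      postRun = ''
        mkdir -p ${exportDir}
        install -m 0440 -o root -g cert-store fullchain.pem ${exportDir}/fullchain.pem
        install -m 0440 -o root -g cert-store key.pem ${exportDir}/key.pem
      '';
    };
  };
}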