VSinerva/nixos-conf
1
0
Fork 0
Code Activity Actions

Move ACME client to opnsense

Browse source
This commit is contained in:
Vili Sinervä 2025-02-20 23:52:23 +02:00
parent 885021c49e
commit 9fb03640e0
No known key found for this signature in database
GPG key ID: DF8FEAF54EFAC996
1 changed files with 4 additions and 19 deletions
Download patch file Download diff file Expand all files Collapse all files

21
services/acme-cert-store.nix
View file

@ -10,23 +10,8 @@
];
};
security.acme = {
acceptTerms = true;
certs."vsinerva.fi".extraDomainNames = [ "*.vsinerva.fi" ];
defaults = {
email = "vili.m.sinerva@gmail.com";
environmentFile = "/var/lib/acme/dns-creds";
dnsProvider = "ovh";
extraLegoFlags = [
"--dns.propagation-wait"
"60s"
users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBsctvJR4JOVoTAas0+lb8662EXFsQVNozTntnR7o5R1 opnsense"
];
postRun = ''
mkdir -p ${config.users.users."cert-store".home}/acme
cp fullchain.pem ${config.users.users."cert-store".home}/acme/
cp key.pem ${config.users.users."cert-store".home}/acme/
chmod o+r ${config.users.users."cert-store".home}/acme/*.pem
'';
};
};
}