site: add and force SSL
This commit is contained in:
parent
eae1c39468
commit
04bea73b6a
SSH key fingerprint:
SHA256:pp9qddbCNmVNoSjevdvQvM5z0DHN7LTa8qBMbcMq/R4
4 changed files with 75 additions and 7 deletions
BIN
hosts/thegeneralist-central/acme/acmeEnvironment.age
Normal file
BIN
hosts/thegeneralist-central/acme/acmeEnvironment.age
Normal file
Binary file not shown.
24
hosts/thegeneralist-central/acme/default.nix
Normal file
24
hosts/thegeneralist-central/acme/default.nix
Normal file
|
|
@ -0,0 +1,24 @@
|
|||
{ config, ... }: let
|
||||
domain = "thegeneralist01.com";
|
||||
in {
|
||||
age.secrets.acmeEnvironment.file = ./acmeEnvironment.age;
|
||||
|
||||
security.acme = {
|
||||
defaults = {
|
||||
# Options: https://go-acme.github.io/lego/dns/
|
||||
environmentFile = config.age.secrets.acmeEnvironment.path;
|
||||
email = "thegeneralist01@proton.me";
|
||||
dnsResolver = "1.1.1.1";
|
||||
dnsProvider = "cloudflare";
|
||||
};
|
||||
|
||||
certs.${domain} = {
|
||||
extraDomainNames = [ "*.${domain}" ];
|
||||
group = "acme";
|
||||
};
|
||||
|
||||
acceptTerms = true;
|
||||
};
|
||||
|
||||
users.groups.acme.members = [ "nginx" ];
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue