site: add and force SSL

2026-03-10 02:30:29 +01:00 · 2025-06-27 21:19:22 +02:00 · 2025-06-27 21:19:22 +02:00 · 04bea73b6a
commit 04bea73b6a
parent eae1c39468
4 changed files with 75 additions and 7 deletions
--- a/hosts/thegeneralist-central/acme/default.nix
+++ b/hosts/thegeneralist-central/acme/default.nix
@ -0,0 +1,24 @@
+{ config, ... }: let
+  domain = "thegeneralist01.com";
+in {
+  age.secrets.acmeEnvironment.file = ./acmeEnvironment.age;
+
+  security.acme = {
+    defaults = {
+      # Options: https://go-acme.github.io/lego/dns/
+      environmentFile = config.age.secrets.acmeEnvironment.path;
+      email = "thegeneralist01@proton.me";
+      dnsResolver = "1.1.1.1";
+      dnsProvider = "cloudflare";
+    };
+
+    certs.${domain} = {
+      extraDomainNames = [ "*.${domain}" ];
+      group = "acme";
+    };
+
+    acceptTerms = true;
+  };
+
+  users.groups.acme.members = [ "nginx" ];
+}