summaryrefslogtreecommitdiff
path: root/profiles/homeserver/acme.nix
blob: e72e8fe175bbd12abd8450da94d935bf6a86ad47 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16

{ config, lib, ... }: with lib; {
  security.acme = {
    acceptTerms = true;
    defaults = {
      extraLegoFlags = [ "--dns.disable-cp" ];
      extraLegoRunFlags = ["--preferred-chain" "ISRG Root X1"];
      email = my.email;
      dnsProvider = "porkbun";
      environmentFile = config.secrets.porkbun.path;
    };
    certs."${my.domain}" = {
      # NOTE(ivi): use dns wildcard certs for local services
      domain = "*.${my.domain}";
    };
  };
}
generated by cgit v1.2.3 (git 2.25.1) at 2026-02-12 16:30:38 +0000