17 lines
427 B
Nix
17 lines
427 B
Nix
{ config, ... }:
|
|
|
|
{
|
|
sops.secrets.lego-credentials = {
|
|
sopsFile = ./secrets.yaml;
|
|
};
|
|
|
|
security.acme.acceptTerms = true;
|
|
security.acme.defaults.email = "admin+acme@cloonar.com";
|
|
security.acme.defaults = {
|
|
dnsProvider = "hetzner";
|
|
credentialsFile = config.sops.secrets.lego-credentials.path;
|
|
# We don't need to wait for propagation since this is a local DNS server
|
|
dnsPropagationCheck = true;
|
|
};
|
|
}
|