Initial commit

2021-11-15 13:02:05 +03:00
commit 85aaf52635
28 changed files with 1360 additions and 0 deletions
--- a/letsencrypt/acme.nix
+++ b/letsencrypt/acme.nix
@@ -0,0 +1,22 @@
+{ config, pkgs, ... }:
+let
+  cfg = config.services.userdata;
+in
+{
+  users.groups.acmerecievers = {
+    members = [ "nginx" "dovecot2" "postfix" "virtualMail" "ocserv" ];
+  };
+  security.acme = {
+    acceptTerms = true;
+    email = "${cfg.username}@${cfg.domain}";
+    certs = {
+      "${cfg.domain}" = {
+        domain = "*.${cfg.domain}";
+        extraDomainNames = [ "${cfg.domain}" ];
+        group = "acmerecievers";
+        dnsProvider = "cloudflare";
+        credentialsFile = "/var/cloudflareCredentials.ini";
+      };
+    };
+  };
+}
--- a/letsencrypt/resolve.nix
+++ b/letsencrypt/resolve.nix
@@ -0,0 +1,22 @@
+{ config, pkgs, ... }:
+let
+  domain = config.services.userdata.domain;
+in
+{
+  systemd = {
+    services = {
+      "acme-${domain}" = {
+        serviceConfig = {
+          StartLimitBurst = 5;
+          StartLimitIntervalSec = 5;
+          Restart = "on-failure";
+        };
+      };
+      "nginx-config-reload" = {
+        serviceConfig = {
+          After = [ "acme-${domain}.service" ];
+        };
+      };
+    };
+  };
+}