# NixOS module: plain-HTTP nginx virtual hosts that answer ACME HTTP-01
# challenges from a shared webroot and redirect every other request to HTTPS,
# plus one ACME certificate entry per domain listed in ./domains.nix.
{lib, ...}: let
  # ./domains.nix is a function called with an empty attribute set; its result
  # is used below as a list of domain-name strings.
  domains = import ./domains.nix {};

  # Directory the ACME client writes challenge tokens to and nginx serves them
  # from. Both sides must use the same path for validation to succeed.
  challengeRoot = "/var/lib/acme/.challenges";

  # Build the { name, value } pair for one domain's challenge/redirect vhost.
  mkChallengeHost = domain: {
    name = "acmechallenge.${domain}";
    value = {
      # NOTE(review): "*.${domain}" covers subdomains only, not the bare
      # domain, while the certificates below are keyed by the bare domain
      # name. Presumably the apex is served by another vhost or reaches this
      # one as nginx's default server; confirm.
      serverAliases = ["*.${domain}"];
      locations = {
        # Only the challenge path is served from disk over plain HTTP.
        "/.well-known/acme-challenge".root = challengeRoot;
        # Everything else is redirected to HTTPS.
        # NOTE(review): $host is taken from the request, so if one of these
        # vhosts ends up as the default server the redirect target follows
        # whatever Host header the client sent; confirm that an explicit
        # default server exists elsewhere or that this is acceptable.
        "/".return = "301 https://$host$request_uri";
      };
    };
  };

  # Per-domain certificate settings; the domain name itself is not used in the
  # value, only as the attribute key produced by genAttrs.
  mkCert = _domain: {
    webroot = challengeRoot;
    # Presumably makes the issued certificate files group-owned by nginx so
    # the web server can read them; verify against the ACME module options.
    group = "nginx";
  };
in {
  # nginx additionally joins the acme group.
  users.users.nginx.extraGroups = ["acme"];

  services.nginx = {
    enable = true;
    virtualHosts = builtins.listToAttrs (map mkChallengeHost domains);
  };

  security.acme = {
    acceptTerms = true;
    defaults.email = "admin@vhack.eu";
    certs = lib.genAttrs domains mkCert;
  };
}