115 lines
2.8 KiB
Nix
115 lines
2.8 KiB
Nix
{ pkgs, ... }:
|
|
|
|
let
|
|
aws = "/var/lib/acme/.env";
|
|
|
|
extraLegoFlags = [ "--dns.resolvers=8.8.8.8:53" ];
|
|
|
|
in {
|
|
age.secrets.aws = {
|
|
file = ../../secret/lufta.aws.env.age;
|
|
path = "/var/lib/acme/.env";
|
|
mode = "600";
|
|
owner = "acme";
|
|
group = "nginx";
|
|
};
|
|
|
|
security.acme.defaults.email = "me@christine.website";
|
|
security.acme.acceptTerms = true;
|
|
|
|
security.acme.certs."xeiaso.net" = {
|
|
group = "nginx";
|
|
email = "me@christine.website";
|
|
dnsProvider = "route53";
|
|
credentialsFile = "${aws}";
|
|
extraDomainNames = [ "*.xeiaso.net" "xelaso.net" ];
|
|
inherit extraLegoFlags;
|
|
};
|
|
|
|
security.acme.certs."tulpa.dev" = {
|
|
group = "nginx";
|
|
email = "me@christine.website";
|
|
dnsProvider = "route53";
|
|
credentialsFile = "${aws}";
|
|
extraDomainNames = [ "*.tulpa.dev" ];
|
|
inherit extraLegoFlags;
|
|
};
|
|
|
|
security.acme.certs."christine.website" = {
|
|
group = "nginx";
|
|
email = "me@christine.website";
|
|
dnsProvider = "route53";
|
|
credentialsFile = "${aws}";
|
|
extraDomainNames = [ "*.christine.website" ];
|
|
inherit extraLegoFlags;
|
|
};
|
|
|
|
security.acme.certs."cetacean.club" = {
|
|
group = "nginx";
|
|
email = "me@christine.website";
|
|
dnsProvider = "route53";
|
|
credentialsFile = "${aws}";
|
|
extraDomainNames =
|
|
[ "*.cetacean.club" "*.kahless.cetacean.club" "*.lufta.cetacean.club" ];
|
|
inherit extraLegoFlags;
|
|
};
|
|
|
|
security.acme.certs."pvfmsets.cf" = {
|
|
group = "nginx";
|
|
email = "me@christine.website";
|
|
dnsProvider = "route53";
|
|
credentialsFile = "${aws}";
|
|
inherit extraLegoFlags;
|
|
};
|
|
|
|
security.acme.certs."tulpanomicon.guide" = {
|
|
group = "nginx";
|
|
email = "me@christine.website";
|
|
dnsProvider = "route53";
|
|
credentialsFile = "${aws}";
|
|
extraDomainNames = [ "*.tulpanomicon.guide" ];
|
|
inherit extraLegoFlags;
|
|
};
|
|
|
|
security.acme.certs."tulpaforce.xyz" = {
|
|
group = "nginx";
|
|
email = "me@christine.website";
|
|
dnsProvider = "route53";
|
|
credentialsFile = "${aws}";
|
|
extraDomainNames = [ "*.tulpaforce.xyz" ];
|
|
inherit extraLegoFlags;
|
|
};
|
|
|
|
security.acme.certs."within.website" = {
|
|
group = "nginx";
|
|
email = "me@christine.website";
|
|
dnsProvider = "route53";
|
|
credentialsFile = "${aws}";
|
|
extraDomainNames = [ "*.within.website" ];
|
|
inherit extraLegoFlags;
|
|
};
|
|
|
|
security.acme.certs."xeserv.us" = {
|
|
group = "nginx";
|
|
email = "me@christine.website";
|
|
dnsProvider = "route53";
|
|
credentialsFile = "${aws}";
|
|
extraDomainNames = [
|
|
"*.xeserv.us"
|
|
"*.greedo.xeserv.us"
|
|
"*.apps.xeserv.us"
|
|
"*.minipaas.xeserv.us"
|
|
];
|
|
inherit extraLegoFlags;
|
|
};
|
|
|
|
security.acme.certs."xn--u7hz981o.ws" = {
|
|
group = "nginx";
|
|
email = "me@christine.website";
|
|
dnsProvider = "route53";
|
|
credentialsFile = "${aws}";
|
|
extraDomainNames = [ "*.xn--u7hz981o.ws" ];
|
|
inherit extraLegoFlags;
|
|
};
|
|
}
|