# ACME accounts and roles, set under `my.acme`.
# The option schema is presumably declared by ./module-acme-ca.nix (imported
# below) — confirm there how each field is consumed.
{ ... }:
{
  imports = [ ./module-acme-ca.nix ];

  my.acme = {
    # One account per (CA environment, DNS provider) pair.
    accounts =
      let
        # Settings shared by every account.
        # NOTE(review): ignore_dns_propagation presumably skips the local wait
        # for the challenge record to propagate — confirm against the module.
        common = {
          key_type = "EC256";
          ignore_dns_propagation = true;
        };

        # Let's Encrypt registration details; the directory URL is added per
        # environment by `atDirectory`.
        leAccount = common // {
          contact = "letsencrypt@lukegb.com";
          terms_of_service_agreed = true;
        };
        atDirectory = url: leAccount // { server_url = url; };

        leStaging = atDirectory "https://acme-staging-v02.api.letsencrypt.org/directory";
        leProd = atDirectory "https://acme-v02.api.letsencrypt.org/directory";

        # DNS via Cloudflare. The token value is a Terraform-style
        # interpolation, escaped (`\${`) so Nix emits it literally; the token
        # itself never appears in this file.
        # NOTE(review): the resolved token presumably ends up in Terraform
        # state/plan output — confirm that storage is access-controlled and
        # that the token is scoped to DNS edits on the zones listed in `roles`.
        viaCloudflare = account: account // {
          provider = "cloudflare";
          provider_configuration = {
            CLOUDFLARE_DNS_API_TOKEN = "\${data.vault_generic_secret.misc.data[\"cloudflareToken\"]}";
          };
        };

        # DNS via Google Cloud DNS in a fixed project. No credential is set
        # here; presumably ambient credentials are used — verify.
        viaGcloud = account: account // {
          provider = "gcloud";
          provider_configuration = {
            GCE_PROJECT = "as205479-177317";
          };
        };
      in
      {
        # Staging and production accounts share the same provider settings.
        letsencrypt-cloudflare = viaCloudflare leProd;
        letsencrypt-staging-cloudflare = viaCloudflare leStaging;
        letsencrypt-gcloud-as205479 = viaGcloud leProd;
        letsencrypt-staging-gcloud-as205479 = viaGcloud leStaging;
      };

    # One role per account name, each limited to the domains of its DNS
    # provider via `allowed_domains`.
    # NOTE(review): event.lukegb.tech and tech.lukegb.tech sit under
    # lukegb.tech, which is also in the Cloudflare list. Whether
    # allowed_domains also matches subdomains is not visible here — confirm
    # which role is meant to issue for those names.
    roles =
      let
        zonesOnCloudflare = [
          "lukegb.com"
          "bfob.gg"
          "lukegb.dev"
          "lukegb.tech"
          "lukegb.xyz"
          "zxcvbnm.ninja"
        ];
        zonesOnGcloud = [
          "as205479.net"
          "event.lukegb.tech"
          "tech.lukegb.tech"
        ];
        restrictTo = domains: { allowed_domains = domains; };
      in
      {
        letsencrypt-cloudflare = restrictTo zonesOnCloudflare;
        letsencrypt-staging-cloudflare = restrictTo zonesOnCloudflare;
        letsencrypt-gcloud-as205479 = restrictTo zonesOnGcloud;
        letsencrypt-staging-gcloud-as205479 = restrictTo zonesOnGcloud;
      };
  };
}