# ACME account and role definitions layered on top of ./module-acme-ca.nix.
# The option names used here (my.acme.accounts / my.acme.roles) are presumably
# declared by that imported module -- confirm there for their exact semantics.
{ ... }:

{
  imports = [ ./module-acme-ca.nix ];

  # One account per (CA endpoint, DNS provider) combination. Production and
  # staging are kept as separate accounts so test issuance never touches the
  # production endpoint's rate limits; staging certificates are not publicly
  # trusted.
  my.acme.accounts =
    let
      # Settings shared by every account below.
      commonSettings = {
        key_type = "EC256";
        # NOTE(review): by its name this skips the local wait for DNS
        # propagation before validation -- confirm the challenge records are
        # reliably visible to the CA without that wait.
        ignore_dns_propagation = true;
      };

      # Let's Encrypt registration details bound to a given ACME directory URL.
      letsencryptAt = directoryUrl: commonSettings // {
        contact = "letsencrypt@lukegb.com";
        terms_of_service_agreed = true;
        server_url = directoryUrl;
      };

      leStaging = letsencryptAt "https://acme-staging-v02.api.letsencrypt.org/directory";
      leProd = letsencryptAt "https://acme-v02.api.letsencrypt.org/directory";

      # DNS-01 via Cloudflare. The `\${` escape keeps the reference literal in
      # the Nix output, so the token itself is not written in this file; it is
      # looked up from the `vault_generic_secret.misc` data source by whatever
      # consumes the generated configuration.
      # NOTE(review): if that consumer is Terraform, the resolved token will
      # also be recorded in Terraform state -- confirm the state backend is
      # access-controlled and encrypted, and that the token is scoped to DNS
      # edits on the zones listed under my.acme.roles only.
      viaCloudflare = account: account // {
        provider = "cloudflare";
        provider_configuration = {
          CLOUDFLARE_DNS_API_TOKEN = "\${data.vault_generic_secret.misc.data[\"cloudflareToken\"]}";
        };
      };

      # DNS-01 via Google Cloud DNS in the AS205479 project. Only the project
      # id is set here; credentials presumably come from the runtime
      # environment -- verify which identity that is and what it may modify.
      viaGcloudAs205479 = account: account // {
        provider = "gcloud";
        provider_configuration = {
          GCE_PROJECT = "as205479-177317";
        };
      };
    in
    {
      letsencrypt-cloudflare = viaCloudflare leProd;
      letsencrypt-staging-cloudflare = viaCloudflare leStaging;

      letsencrypt-gcloud-as205479 = viaGcloudAs205479 leProd;
      letsencrypt-staging-gcloud-as205479 = viaGcloudAs205479 leStaging;
    };

  # Roles restrict which domains may be requested through each account.
  # NOTE(review): whether subdomains of a listed name are also permitted is
  # decided by the imported module / backend, not by this file -- confirm.
  my.acme.roles =
    let
      zonesOnCloudflare = [ "lukegb.com" "bfob.gg" "lukegb.dev" "lukegb.tech" "lukegb.xyz" "zxcvbnm.ninja" ];
      zonesOnGcloud = [ "as205479.net" "event.lukegb.tech" "tech.lukegb.tech" ];

      restrictTo = domains: { allowed_domains = domains; };
    in
    {
      letsencrypt-cloudflare = restrictTo zonesOnCloudflare;
      letsencrypt-staging-cloudflare = restrictTo zonesOnCloudflare;

      letsencrypt-gcloud-as205479 = restrictTo zonesOnGcloud;
      letsencrypt-staging-gcloud-as205479 = restrictTo zonesOnGcloud;

      # NOTE(review): no `google-cloudflare` account is defined in this file;
      # confirm it is declared elsewhere, otherwise this role has no account
      # to bind to.
      google-cloudflare = restrictTo zonesOnCloudflare;
    };
}