diff --git a/modules/acme-home.nix b/modules/acme-home.nix
index e0e15bd..77de9c9 100644
--- a/modules/acme-home.nix
+++ b/modules/acme-home.nix
@@ -1,26 +1,34 @@
-{ config, lib, ... }: {
- imports = [
- ./gandi.nix
- ];
-
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+{
 security.acme = {
 acceptTerms = true;
 defaults.email = lib.mkDefault "admin@rpqt.fr";
 };
- security.acme = {
- certs."home.rpqt.fr" = {
- group = config.services.nginx.group;
- domain = "home.rpqt.fr";
- extraDomainNames = [ "*.home.rpqt.fr" ];
- dnsProvider = "gandiv5";
- dnsPropagationCheck = true;
- environmentFile = config.clan.core.vars.generators.gandi.files.gandi-env.path;
- email = "admin@rpqt.fr";
- dnsResolver = "1.1.1.1:53";
- };
- };
+ # security.acme = {
+ # certs."home.rpqt.fr" = {
+ # group = config.services.nginx.group;
+ # domain = "home.rpqt.fr";
+ # extraDomainNames = [ "*.home.rpqt.fr" ];
+ # dnsProvider = "rfc2136";
+ # dnsPropagationCheck = true;
+ # credentialFiles = {
+ # RFC2136_TSIG_SECRET_FILE = config.clan.core.vars.generators.coredns.files.tsig-key.path;
+ # };
+ # environmentFile = pkgs.writeFile ''
+ # RFC2136_NAMESERVER=fd28:387a:90:c400::1
+ # '';
+ # email = "admin@rpqt.fr";
+ # dnsResolver = "1.1.1.1:53";
+ # server = "https://acme-staging-v02.api.letsencrypt.org/directory"; # TODO: use production api
+ # };
+ # };
- clan.core.vars.generators.gandi.files.gandi-env.owner = "acme";
+ # clan.core.vars.generators.coredns.files.tsig-key.group = "acme";
+ # clan.core.vars.generators.coredns.files.tsig-key.mode = "0440";
 }
diff --git a/modules/gandi.nix b/modules/gandi.nix
deleted file mode 100644
index 9a97757..0000000
--- a/modules/gandi.nix
+++ /dev/null
@@ -1,15 +0,0 @@
-{
- clan.core.vars.generators.gandi = {
- prompts.gandi-token = {
- description = "gandi access token";
- type = "hidden";
- };
- files.gandi-env = {
- secret = true;
- };
- script = ''
- printf %s "GANDIV5_PERSONAL_ACCESS_TOKEN=" >> $out/gandi-env
- cat $prompts/gandi-token >> $out/gandi-env
- '';
- };
-}
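Review bot: The commented-out `security.acme.certs."home.rpqt.fr"` block carries `environmentFile = pkgs.writeFile ''…''`, but nixpkgs has no `pkgs.writeFile` builder (`pkgs.writeText` is the one that writes a plain file into the store), so the block will fail at evaluation the moment it is uncommented; since `RFC2136_NAMESERVER` is not a secret, a store path is otherwise acceptable for that value while the TSIG secret correctly stays in `credentialFiles`. With the certificate definition removed rather than disabled, any other module that still references `config.security.acme.certs."home.rpqt.fr"` (for example an nginx `useACMEHost`) would no longer evaluate — that is outside this hunk, so worth checking. The `server = …acme-staging-v02…` line is already marked TODO; a one-line comment above the block such as `# home.rpqt.fr cert disabled until the rfc2136/coredns path is working` would explain why roughly twenty lines of dead configuration are kept instead of leaving the reader to guess. Separately, `modules/gandi.nix` is deleted in this commit, but the Gandi personal access token it prompted for presumably still exists in the vars store and at the provider; removing the generator does not revoke it, so it should be revoked or rotated if it is no longer in use.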