36 lines
729 B
Nix
36 lines
729 B
Nix
{ config, pkgs, ... }:
|
|
|
|
{
|
|
systemd.services.letsencrypt = {
|
|
path = [ pkgs.simp_le ];
|
|
|
|
restartIfChanged = false;
|
|
serviceConfig = {
|
|
Type = "oneshot";
|
|
};
|
|
|
|
script = ''
|
|
mkdir -p /etc/sslcerts/acmeroot
|
|
cd /etc/sslcerts
|
|
|
|
simp_le \
|
|
-d git.gebner.org \
|
|
-d mail.gebner.org \
|
|
-d gebner.org \
|
|
-d www.gebner.org \
|
|
-d gabrielebner.at \
|
|
-d www.gabrielebner.at \
|
|
-d 2b7e.org \
|
|
-d www.2b7e.org \
|
|
--default_root $PWD/acmeroot \
|
|
-f account_key.json -f fullchain.pem -f key.pem \
|
|
--email gebner@gebner.org
|
|
|
|
cp key.pem key-dovecot.pem
|
|
chown dovecot2 key-dovecot.pem
|
|
'';
|
|
|
|
startAt = "04:00";
|
|
};
|
|
}
|