rm step-ca and coredns

2026-05-17 23:01:56 +02:00 · 2026-05-17 23:01:56 +02:00 · 27492ea730
commit 27492ea730
parent 5c8d94d03d
7 changed files with 24 additions and 162 deletions
--- a/hosts/rx4/services/nginx.nix
+++ b/hosts/rx4/services/nginx.nix
@ -7,6 +7,8 @@

 let
  cfg = config.services.nginx;
+
+  inherit (constants) domain;
 in
 {
  imports = [
@ -34,4 +36,21 @@ in
      };
    };
  };
+
+  security.acme = {
+    acceptTerms = true;
+    defaults = {
+      email = "admin@${domain}";
+      dnsProvider = "hetzner";
+      credentialFiles = {
+        HETZNER_API_TOKEN_FILE = config.sops.secrets.hetzner-api-key.path;
+      };
+    };
+  };
+
+  sops.secrets.hetzner-api-key = {
+    mode = "0400";
+    owner = "acme";
+    group = "acme";
+  };
 }