infra/libkookie/configuration/server/acme/gaia.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30

{ config, ... }:

{
  # HACK (doesn't work): solution to failing ACME services due to
  # failing DNS // See: https://github.com/NixOS/nixpkgs/issues/106862
  systemd.services."acme-fixperms".wants = [ "bind.service" ];
  systemd.services."acme-fixperms".after = [ "bind.service" ];
  
  security.acme.acceptTerms = true;
  security.acme.certs."alarei.kookie.space" = {
    email = "letsencrypt@spacekookie.de";
    webroot = "/var/lib/acme/acme-challenge";
    extraDomainNames = [ 
      "kookiejar.tech"
      "media.kookiejar.tech"
      "media.alarei.kookie.space"
      "sync.kookiejar.tech"
      "sync.alarei.kookie.space"
      "cloud.kookiejar.tech"
      "could.alarei.kookie.space"
      "music.kookiejar.tech"
      "music.alarei.kookie.space"
    ];
    group = "nginx";
  };

  users.users.nginx.extraGroups = [ "core" ];

  services.nginx.clientMaxBodySize = "2048M";
}