server-configs/shared/applications/server/acme.nix

{ config, lib, ... }:

{
  # default acme settings
  security.acme = {
    acceptTerms = true;

    defaults.email = "fricloudacme.cameo530@simplelogin.com";
  };

  # give Nginx access to our certs
  services.nginx.group = config.security.acme.defaults.group;

  # acme user
  users.groups."${config.security.acme.defaults.group}".members = [];

  # state
  environment.persistence = lib.optionalAttrs config.mine.state.enable {
    root.directories = [
      "/var/lib/acme"
    ];
  };
}
applications.server.acme: defaults + persists state 2024-08-08 17:38:02 +00:00			`{ config, lib, ... }:`

			`{`
			`# default acme settings`
			`security.acme = {`
			`acceptTerms = true;`

			`defaults.email = "fricloudacme.cameo530@simplelogin.com";`
			`};`

			`# give Nginx access to our certs`
			`services.nginx.group = config.security.acme.defaults.group;`

			`# acme user`
			`users.groups."${config.security.acme.defaults.group}".members = [];`

			`# state`
			`environment.persistence = lib.optionalAttrs config.mine.state.enable {`
			`root.directories = [`
			`"/var/lib/acme"`
			`];`
			`};`
			`}`