ACME: Difference between revisions
m
no edit summary
imported>Onny mNo edit summary |
mNo edit summary |
||
| (5 intermediate revisions by 3 users not shown) | |||
| Line 8: | Line 8: | ||
security.acme = { | security.acme = { | ||
acceptTerms = true; | acceptTerms = true; | ||
defaults.email = "admin+acme@example. | defaults.email = "admin+acme@example.org"; | ||
certs."mx1.example.org" = { | certs."mx1.example.org" = { | ||
dnsProvider = "inwx"; | dnsProvider = "inwx"; | ||
# | # Supplying password files like this will make your credentials world-readable | ||
# in the Nix store. This is for demonstration purpose only, do not use this in production. | # in the Nix store. This is for demonstration purpose only, do not use this in production. | ||
environmentFile = "${pkgs.writeText "inwx-creds" '' | |||
INWX_USERNAME=xxxxxxxxxx | INWX_USERNAME=xxxxxxxxxx | ||
INWX_PASSWORD=yyyyyyyyyy | INWX_PASSWORD=yyyyyyyyyy | ||
| Line 22: | Line 22: | ||
Certificates are getting generated for the domain <code>mx1.example.org</code> using the DNS provider <code>inwx</code>. See [https://go-acme.github.io/lego/dns upstream documentation] on available providers and their specific configuration for the <code>credentialsFile</code> option. | Certificates are getting generated for the domain <code>mx1.example.org</code> using the DNS provider <code>inwx</code>. See [https://go-acme.github.io/lego/dns upstream documentation] on available providers and their specific configuration for the <code>credentialsFile</code> option. | ||
== Usage == | |||
After successfull generation, certificates can be found in the directory <code>/var/lib/acme</code>. To use certificates in other applications, permissions can be adjusted by setting a group name as a string or reference it. | |||
<syntaxhighlight lang="nix"> | |||
security.acme.certs."mx1.example.org".group = config.services.maddy.group; | |||
</syntaxhighlight> | |||
== Using Let's Encrypt Staging == | |||
If you'd like to use the Let's Encrypt [https://letsencrypt.org/docs/staging-environment/ staging environment], eg for its less stringent rate limits, set | |||
<syntaxhighlight lang="nix"> | |||
security.acme.defaults.server = "https://acme-staging-v02.api.letsencrypt.org/directory"; | |||
</syntaxhighlight> | |||
== See also == | == See also == | ||
* NixOS manual on [https://nixos.org/manual/nixos/stable/index.html#module-security-acme SSL/TLS Certificates with ACME] | * NixOS manual on [https://nixos.org/manual/nixos/stable/index.html#module-security-acme SSL/TLS Certificates with ACME] | ||
[[Category: Server]] | |||
[[Category: Networking]] | |||