nixos-config/profiles/services/basic_acme.nix

# Starts an Nginx server on $HOSTNAME just to get a cert for this host

{ config, pkgs, environment, ... }:

let
  hostname = config.networking.hostName;

  wwwRoot = pkgs.writeTextFile {
    name = "index.html";

    text = ''
      <html>
        <head>
          <title>${hostname}</title>
        </head>
        <body>
          <h1>${hostname}</title>
        </body>
      </html>
    '';
    destination = "/www";
  };

in {

  services.nginx = {
    enable = true;

    recommendedGzipSettings = true;
    recommendedOptimisation = true;
    recommendedTlsSettings = true;

    virtualHosts."${hostname}" = {
      enableACME = true;
      forceSSL = true;
      root = wwwRoot + ("/" + "www");
    };
  };

  security.acme.certs = {
    ${hostname}.email = "admin@fudo.org";
  };
}
Initial re-checki 2019-12-25 17:20:36 -06:00			`# Starts an Nginx server on $HOSTNAME just to get a cert for this host`

			`{ config, pkgs, environment, ... }:`

			`let`
			`hostname = config.networking.hostName;`

			`wwwRoot = pkgs.writeTextFile {`
			`name = "index.html";`

			`text = ''`
			`<html>`
			`<head>`
			`<title>${hostname}</title>`
			`</head>`
			`<body>`
			`<h1>${hostname}</title>`
			`</body>`
			`</html>`
			`'';`
			`destination = "/www";`
			`};`

			`in {`

			`services.nginx = {`
			`enable = true;`

			`recommendedGzipSettings = true;`
			`recommendedOptimisation = true;`
			`recommendedTlsSettings = true;`

			`virtualHosts."${hostname}" = {`
			`enableACME = true;`
			`forceSSL = true;`
			`root = wwwRoot + ("/" + "www");`
			`};`
			`};`

			`security.acme.certs = {`
			`${hostname}.email = "admin@fudo.org";`
			`};`
			`}`