612781e816
This new service invokes `simp_le` for a defined set of certs on a regular
basis with a systemd timer. `simp_le` is smart enough to handle account
registration, domain validation and renewal on its own. The only thing
required is an existing HTTP server that serves the path
`/.well-known/acme-challenge` from the webroot cert parameter.
Example:
services.simp_le.certs."foo.example.com" = {
webroot = "/var/www/challenges";
extraDomains = [ "www.example.com" ];
email = "foo@example.com";
validMin = 2592000;
renewInterval = "weekly";
};
Example Nginx vhost:
services.nginx.appendConfig = ''
http {
server {
server_name _;
listen 80;
listen [::]:80;
location /.well-known/acme-challenge {
root /var/www/challenges;
}
location / {
return 301 https://$host$request_uri;
}
}
}
'';
|
||
|---|---|---|
| .. | ||
| clamav.nix | ||
| fail2ban.nix | ||
| fprintd.nix | ||
| fprot.nix | ||
| frandom.nix | ||
| haveged.nix | ||
| hologram.nix | ||
| munge.nix | ||
| physlock.nix | ||
| simp_le.nix | ||
| tor.nix | ||
| torify.nix | ||
| torsocks.nix | ||