1 files changed, 18 insertions, 0 deletions

diff --git a/profiles/acme.nix b/profiles/acme.nix
new file mode 100644
index 0000000..7fc62d3
--- /dev/null
+++ b/profiles/acme.nix
@@ -0,0 +1,18 @@
+{ pkgs, lib, config, ... }:
+let
+  secrets = config.age.secrets;
+in
+{
+  security.acme.acceptTerms = true;
+  security.acme.defaults = {
+    email = "le@fcuny.net";
+    dnsProvider = "gandiv5";
+    group = config.services.nginx.group;
+    credentialsFile = secrets."gandi/apikey".path;
+    dnsPropagationCheck = true;
+  };
+  security.acme.certs."${config.homelab.domain}" = {
+    domain = "*.${config.homelab.domain}";
+    extraDomainNames = [ config.homelab.domain ];
+  };
+}