2024-04-16 02:32:16 +02:00
|
|
|
{lib, ...}: {
|
2024-04-24 02:06:04 +02:00
|
|
|
security.acme.certs = {
|
|
|
|
"caspervk.net" = {
|
|
|
|
domain = "*.caspervk.net";
|
|
|
|
reloadServices = [
|
|
|
|
"caddy.service"
|
2024-04-26 01:25:50 +02:00
|
|
|
"dovecot2.service"
|
|
|
|
"postfix.service"
|
2024-04-24 02:06:04 +02:00
|
|
|
];
|
|
|
|
# The NixOS Caddy module is a little too clever and sets the cert's group
|
|
|
|
# to 'caddy', which means other services can't load it. This is not needed
|
|
|
|
# since we handle the group membership manually.
|
|
|
|
group = lib.mkForce "acme";
|
|
|
|
};
|
|
|
|
"sudomail.org" = {
|
|
|
|
reloadServices = [
|
|
|
|
"caddy.service"
|
|
|
|
];
|
|
|
|
group = lib.mkForce "acme";
|
|
|
|
};
|
2024-04-16 01:49:39 +02:00
|
|
|
};
|
|
|
|
users.groups.acme.members = [
|
|
|
|
"caddy"
|
2024-04-26 01:25:50 +02:00
|
|
|
"dovecot2"
|
|
|
|
"postfix"
|
2024-04-16 01:49:39 +02:00
|
|
|
];
|
|
|
|
}
|