Wildcard cert for stranger.systems

2025-04-02 04:41:04 -04:00 · 2025-04-02 04:41:04 -04:00 · f715fd0807
commit f715fd0807
parent bc55a7e78f
1 changed files with 11 additions and 0 deletions
--- a/nixos/machines/driftwood/configuration.nix
+++ b/nixos/machines/driftwood/configuration.nix
@ -32,6 +32,17 @@
    defaults = {
      email = "admin@stranger.systems";
    };
+    # Get a wildcard cert
+    certs."wildcard.stranger.systems" = {
+      domain = "stranger.systems";
+      extraDomainNames = ["*.stranger.systems"];
+      dnsProvider = "cloudflare";
+      dnsPropagationCheck = true;
+      credentialFiles = {
+        "CLOUDFLARE_EMAIL_FILE" = "/run/secrets/cloudflare/email";
+        "CLOUDFLARE_API_KEY_FILE" = "/run/secrets/cloudflare/key";
+      };
+    };
  };

  # ACME data must be readable by the NGINX user