acme: Switch to a wildcard certificate

2024-04-16 01:08:13 +02:00 · 2024-04-16 01:08:13 +02:00 · e16f3be326
commit e16f3be326
parent 8f178f776e
11 changed files with 24 additions and 11 deletions
--- a/configuration/nginx.nix
+++ b/configuration/nginx.nix
@ -49,6 +49,13 @@
  security.acme = {
    defaults.email = "tm@tlater.net";
    acceptTerms = true;
+
+    certs."tlater.net" = {
+      extraDomainNames = ["*.tlater.net"];
+      dnsProvider = "hetzner";
+      group = "nginx";
+      credentialFiles."HETZNER_API_KEY_FILE" = config.sops.secrets."hetzner-api".path;
+    };
  };

  services.backups.acme = {