infrastructure/machines/core-services-01/acme-dns.nix

{ config, ... }:
let
  my = config.my;
in
{
  services.acme-dns = {
    enable = true;
    domain = "acme.${my.subZone}";
    nsname = "acme.${my.subZone}";
    nsadmin = my.emailWithDot;
    dns.listen = "[${my.ipv6.acme}]"; # :-).
    records = [
      "acme.${my.subZone}. AAAA ${my.ipv6.acme}"
      "acme.${my.subZone}. NS acme.${my.subZone}."
    ];
  };

  services.nginx.enable = true;
  services.nginx.virtualHosts."acme.${my.subZone}" = {
    forceSSL = true;
    enableACME = true;
    locations."/" = {
      proxyPass = "http://localhost:8090";
    };
  };
}
Integrate core-services-01 in a nice workflow (#1) This enables the tracking of core-services-01 over the infrastructure repository. Co-authored-by: Gabriel DORIATH DOHLER <gabriel.doriath.dohler@ens.psl.eu> Reviewed-on: https://git.rz.ens.wtf/Klub-RZ/infrastructure/pulls/1 Co-authored-by: raito <raito@noreply.git.rz.ens.wtf> Co-committed-by: raito <raito@noreply.git.rz.ens.wtf> 2021-07-26 01:29:05 +02:00			`{ config, ... }:`
			`let`
			`my = config.my;`
			`in`
			`{`
			`services.acme-dns = {`
			`enable = true;`
			`domain = "acme.${my.subZone}";`
			`nsname = "acme.${my.subZone}";`
			`nsadmin = my.emailWithDot;`
			`dns.listen = "[${my.ipv6.acme}]"; # :-).`
			`records = [`
			`"acme.${my.subZone}. AAAA ${my.ipv6.acme}"`
			`"acme.${my.subZone}. NS acme.${my.subZone}."`
			`];`
			`};`

			`services.nginx.enable = true;`
			`services.nginx.virtualHosts."acme.${my.subZone}" = {`
			`forceSSL = true;`
			`enableACME = true;`
			`locations."/" = {`
			`proxyPass = "http://localhost:8090";`
			`};`
			`};`
			`}`