dotfiles/modules/nixos/services/acme/default.nix

{
  config,
  flake,
  ...
}:
let
  inherit (flake.config.people)
    user0
    ;
  inherit (flake.config.people.users.${user0})
    email
    ;
  inherit (flake.config.services)
    instances
    ;
  domain0 = instances.web.domains.url0;
  domain1 = instances.web.domains.url1;
  domain3 = instances.web.domains.url3;
  dns = instances.web.dns.provider0;
  instanceName = service: (instances.${service}.subdomain);
  dnsConfig = {
    dnsProvider = dns;
    directory = instances.acme.paths.path0;
    environmentFile = config.sops.secrets."dns/namecheap".path;
  };
in
{
  security.acme = {
    acceptTerms = true;
    defaults = {
      email = email.address0;
      server = "https://acme-v02.api.letsencrypt.org/directory";
    };
    certs = builtins.listToAttrs (
      (map
        (service: {
          name = "${instanceName service}.${domain0}";
          value = dnsConfig;
        })
        [
          "jellyfin"
          "minecraft"
          "ollama"
          "syncthing"
          "vaultwarden"
        ]
      )
      ++ (map
        (service: {
          name = "${instanceName service}.${domain3}";
          value = dnsConfig;
        })
        [
          "peertube"
          "forgejo"
          "mastodon"
        ]
      )
      ++ (map
        (name: {
          name = name;
          value = dnsConfig;
        })
        [
          domain0
          domain1
          domain3
        ]
      )
    );
  };
  sops =
    let
      sopsSecrets = [
        "pass"
      ];
      sopsPath = secret: {
        path = "/var/lib/secrets/${instances.acme.name}/${dns}-${secret}";
        owner = "root";
        mode = "600";
      };
    in
    {
      secrets = builtins.listToAttrs (
        map (secret: {
          name = "dns/${dns}";
          value = sopsPath secret;
        }) sopsSecrets
      );
    };
}
feat: init 2024-10-06 15:25:05 -05:00			`{`
			`config,`
			`flake,`
			`...`
feat: forgejo test 2025-01-18 18:48:37 -06:00			`}:`
			`let`
			`inherit (flake.config.people)`
feat: expanded all lists 2025-01-08 19:06:14 -06:00			`user0`
			`;`
feat: forgejo test 2025-01-18 18:48:37 -06:00			`inherit (flake.config.people.users.${user0})`
feat: expanded all lists 2025-01-08 19:06:14 -06:00			`email`
			`;`
feat: forgejo test 2025-01-18 18:48:37 -06:00			`inherit (flake.config.services)`
feat: expanded all lists 2025-01-08 19:06:14 -06:00			`instances`
			`;`
feat: changed config module names 2024-11-04 20:49:43 -06:00			`domain0 = instances.web.domains.url0;`
			`domain1 = instances.web.domains.url1;`
feat: added new site stuff 2024-12-08 22:53:40 -06:00			`domain3 = instances.web.domains.url3;`
feat: changed config module names 2024-11-04 20:49:43 -06:00			`dns = instances.web.dns.provider0;`
			`instanceName = service: (instances.${service}.subdomain);`
feat: init 2024-10-06 15:25:05 -05:00			`dnsConfig = {`
feat: refactored abstractions 2024-10-19 18:22:29 -05:00			`dnsProvider = dns;`
feat: changed config module names 2024-11-04 20:49:43 -06:00			`directory = instances.acme.paths.path0;`
feat: init 2024-10-06 15:25:05 -05:00			`environmentFile = config.sops.secrets."dns/namecheap".path;`
			`};`
feat: forgejo test 2025-01-18 18:48:37 -06:00			`in`
			`{`
feat: init 2024-10-06 15:25:05 -05:00			`security.acme = {`
			`acceptTerms = true;`
			`defaults = {`
			`email = email.address0;`
			`server = "https://acme-v02.api.letsencrypt.org/directory";`
			`};`
			`certs = builtins.listToAttrs (`
feat: forgejo test 2025-01-18 18:48:37 -06:00			`(map`
			`(service: {`
feat: server test 2024-11-23 20:47:35 -06:00			`name = "${instanceName service}.${domain0}";`
feat: init 2024-10-06 15:25:05 -05:00			`value = dnsConfig;`
			`})`
feat: server test 2024-11-23 20:47:35 -06:00			`[`
refactor: reworked all maps 2024-11-04 02:09:15 -06:00			`"jellyfin"`
			`"minecraft"`
			`"ollama"`
			`"syncthing"`
			`"vaultwarden"`
feat: forgejo test 2025-01-18 18:48:37 -06:00			`]`
			`)`
			`++ (map`
			`(service: {`
feat: caddy test 2024-12-19 22:09:26 -06:00			`name = "${instanceName service}.${domain3}";`
			`value = dnsConfig;`
			`})`
			`[`
refactor: reworked all maps 2024-11-04 02:09:15 -06:00			`"peertube"`
feat: forgejo test 2025-01-18 18:48:37 -06:00			`"forgejo"`
feat: forgejo test 2025-01-19 00:39:21 -06:00			`"mastodon"`
feat: forgejo test 2025-01-18 18:48:37 -06:00			`]`
			`)`
			`++ (map`
			`(name: {`
feat: init 2024-10-06 15:25:05 -05:00			`name = name;`
			`value = dnsConfig;`
			`})`
refactor: reworked all maps 2024-11-04 02:09:15 -06:00			`[`
			`domain0`
			`domain1`
feat: added new site stuff 2024-12-08 22:53:40 -06:00			`domain3`
feat: forgejo test 2025-01-18 18:48:37 -06:00			`]`
			`)`
feat: init 2024-10-06 15:25:05 -05:00			`);`
			`};`
feat: forgejo test 2025-01-18 18:48:37 -06:00			`sops =`
			`let`
			`sopsSecrets = [`
			`"pass"`
			`];`
			`sopsPath = secret: {`
			`path = "/var/lib/secrets/${instances.acme.name}/${dns}-${secret}";`
			`owner = "root";`
			`mode = "600";`
			`};`
			`in`
			`{`
			`secrets = builtins.listToAttrs (`
			`map (secret: {`
			`name = "dns/${dns}";`
			`value = sopsPath secret;`
			`}) sopsSecrets`
			`);`
feat: init 2024-10-06 15:25:05 -05:00			`};`
			`}`