28 lines
529 B
Nix
28 lines
529 B
Nix
{config, ...}: {
|
|
services = {
|
|
step-ca = {
|
|
enable = true;
|
|
address = "[::]";
|
|
port = 8443;
|
|
intermediatePasswordFile = config.sops.secrets."stepPass".path;
|
|
|
|
settings = {
|
|
dnsNames = [
|
|
"ca.hand7s.org"
|
|
];
|
|
|
|
authority = {
|
|
provisioners = [
|
|
{
|
|
type = "ACME";
|
|
name = "cloudflare";
|
|
claims = {
|
|
enable_dns_01 = true;
|
|
};
|
|
}
|
|
];
|
|
};
|
|
};
|
|
};
|
|
};
|
|
}
|