25 lines
495 B
Nix
25 lines
495 B
Nix
{ config, pkgs, lib, conf, ... }:
|
|
let
|
|
domain = conf.network.addresses.domain.natto;
|
|
in
|
|
{
|
|
services = {
|
|
cron.enable = true;
|
|
|
|
openssh = {
|
|
enable = true;
|
|
settings.PermitRootLogin = "yes";
|
|
ports = [ 22 ];
|
|
};
|
|
};
|
|
|
|
security.acme = {
|
|
acceptTerms = true;
|
|
certs = lib.mapAttrs (n: _: { email = "natto@${domain}"; })
|
|
(lib.filterAttrs (_: v: v.enableACME) config.services.nginx.virtualHosts);
|
|
};
|
|
|
|
security.pki.certificateFiles = [ ../../cert.pem ];
|
|
}
|
|
|