From ffd261ab2d99d5b65d88d5b27428c6ce62529cce Mon Sep 17 00:00:00 2001
From: root
Date: Fri, 31 May 2024 11:56:19 +0200
Subject: [PATCH] pastila: wip letsencrypt setup

---
 pastila/configuration.nix | 2 ++
 pastila/letsencrypt.nix | 25 +++++++++++++++++++++++++
 2 files changed, 27 insertions(+)
 create mode 100644 pastila/letsencrypt.nix

diff --git a/pastila/configuration.nix b/pastila/configuration.nix
index 3f0deda..77665d7 100644
--- a/pastila/configuration.nix
+++ b/pastila/configuration.nix
@@ -11,6 +11,7 @@ in
 ./backups.nix
 ./armael.nix
 ./gitolite.nix
+ ./letsencrypt.nix
 ];

 # Use the GRUB 2 boot loader.
@@ -56,6 +57,7 @@ in
 weechat
 transmission
 tremc
+ poezio
 ];

 # This option defines the first version of NixOS you have installed on this particular machine,
diff --git a/pastila/letsencrypt.nix b/pastila/letsencrypt.nix
new file mode 100644
index 0000000..8c067a8
--- /dev/null
+++ b/pastila/letsencrypt.nix
@@ -0,0 +1,25 @@
+{ config, lib, pkgs, ... }:
+
+{
+ security.acme = {
+ acceptTerms = true;
+ defaults.email = "armael@deuxfleurs.fr";
+ defaults.dnsProvider = "gandiv5";
+ defaults.credentialFiles = {
+ "GANDIV5_PERSONAL_ACCESS_TOKEN_FILE" = "/etc/secrets/acme/gandi_access_token";
+ "GANDIV5_API_KEY_FILE" = "/etc/secrets/acme/gandi_api_key";
+ };
+ # certs."isomorphis.me" = {};
+ # certs."mail" = {
+ # domain = "smtp.isomorphis.me";
+ # extraDomainNames = [
+ # "imap.isomorphis.me"
+ # "smtp.tremeg.net"
+ # "imap.tremeg.net"
+ # "smtp.gueneau.me"
+ # "imap.gueneau.me"
+ # ];
+ # };
+ certs."pastila.isomorphis.me" = {};
+ };
+}
\ No newline at end of file
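Review bot: `defaults.credentialFiles` in pastila/letsencrypt.nix wires two Gandi secrets into every ACME unit, `GANDIV5_PERSONAL_ACCESS_TOKEN_FILE` and the legacy `GANDIV5_API_KEY_FILE`, although the gandiv5 provider needs only one of them. The API key is, as far as I know, the deprecated credential and is not scoped the way a personal access token can be, so dropping the `"GANDIV5_API_KEY_FILE" = ...;` line and keeping a token restricted at Gandi to DNS changes for the needed domain would limit what a compromise of this host exposes. The quoted string paths are the right choice, since a bare path literal would typically be copied into the world-readable Nix store; a comment such as `# string paths on purpose: keep secrets out of /nix/store; files must be root-owned, mode 0600` would record that, because nothing in this file creates or checks the files under /etc/secrets/acme.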