Build Caddy with the caddy-dns/njalla plugin to enable DNS-01 ACME challenges. This issues a single wildcard certificate for *.sigkill.computer instead of per-subdomain certificates, reducing Let's Encrypt API calls and certificate management overhead. Add ddns-updater service (nixpkgs services.ddns-updater) configured with Njalla provider to automatically update DNS records when the server's public IP changes.
15 lines
254 B
Nix
{
  config,
  ...
}:
{
  services.ddns-updater = {
    enable = true;
    environment = {
      PERIOD = "5m";
      # ddns-updater reads config from this path at runtime
      CONFIG_FILEPATH = config.age.secrets.ddns-updater-config.path;
    };
  };
}