caddy: wildcard TLS via DNS-01 challenge + ddns-updater for Njalla
Some checks failed
Build and Deploy / deploy (push) Failing after 31m3s
Build Caddy with the caddy-dns/njalla plugin to enable DNS-01 ACME challenges. This issues a single wildcard certificate for *.sigkill.computer instead of per-subdomain certificates, reducing Let's Encrypt API calls and certificate management overhead. Add ddns-updater service (nixpkgs services.ddns-updater) configured with Njalla provider to automatically update DNS records when the server's public IP changes.
14
services/ddns-updater.nix
Normal file
@@ -0,0 +1,14 @@
|
||||
{
|
||||
config,
|
||||
...
|
||||
}:
|
||||
{
|
||||
services.ddns-updater = {
|
||||
enable = true;
|
||||
environment = {
|
||||
PERIOD = "5m";
|
||||
# ddns-updater reads config from this path at runtime
|
||||
CONFIG_FILEPATH = config.age.secrets.ddns-updater-config.path;
|
||||
};
|
||||
};
|
||||
}
|
||||
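Review bot: On the `CONFIG_FILEPATH = config.age.secrets.ddns-updater-config.path;` line, the module depends on an `age.secrets.ddns-updater-config` declaration that is not visible in this hunk, and nothing here ensures the ddns-updater service can read the decrypted file. agenix secrets default to root ownership with mode 0400, so if the unit runs as an unprivileged user the config (which presumably holds the Njalla provider credentials) will be unreadable and the updater will fail at startup. Declare the secret next to this module, or add a comment saying where it is declared, and set its owner or mode for the service user specifically rather than making it world-readable. Passing the path rather than the file contents is the right choice, since it keeps the credentials out of the world-readable Nix store.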