zivildienst/infrastructure/modules/compute/nix/certbot.nix


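# One-shot systemd unit that runs /opt/certbot.sh with the settings and
# credentials that cloud-init dropped under /opt/cloud-init-misc-data.
{ ... }: {
  systemd.services.hetzner-certbot = {
    # Non-secret settings only. builtins.readFile runs at evaluation time, so
    # every value here is baked into the generated unit file, which lives in
    # the world-readable /nix/store. Credentials must therefore not be set in
    # this attribute set; they are loaded at service start in `script` below.
    environment = {
      ENVIRONMENT = (builtins.readFile /opt/cloud-init-misc-data/environment);
      SERVICE = "guidelines";
      DOMAIN_NAME = (builtins.readFile /opt/cloud-init-misc-data/domain_name);
      ALTERNATIVE_NAMES = (builtins.readFile /opt/cloud-init-misc-data/domain_alternative_names);
      LETSENCRYPT_DIR = "/mnt/data/letsencrypt";
      SERVICE_PORTS = "443,8443,9443"; # guidelines, kibana, vault
    };
    serviceConfig.Type = "oneshot";
    # The Hetzner Cloud token and the AWS key pair are read when the service
    # starts, so only the file paths (not the values) end up in the store.
    # Assignment and export are separate statements so that a missing or
    # unreadable file aborts the unit (the generated script runs with -e)
    # instead of starting certbot with an empty credential.
    # Note: $(...) strips trailing newlines, which builtins.readFile kept.
    # NOTE(review): the files in /opt/cloud-init-misc-data should be readable
    # by root only (e.g. mode 0600) - confirm in the cloud-init template.
    script = ''
      API_TOKEN="$(cat /opt/cloud-init-misc-data/hcloud_token)"
      AWS_ACCESS_KEY_ID="$(cat /opt/cloud-init-misc-data/aws_access_key_id)"
      AWS_SECRET_ACCESS_KEY="$(cat /opt/cloud-init-misc-data/aws_secret_access_key)"
      export API_TOKEN AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
      /opt/certbot.sh
    '';
  };
}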