From d7aabdf1987fe3f2bcd2484e746c2880b5ae3ec8 Mon Sep 17 00:00:00 2001
From: Eli Ribble
Date: Fri, 3 Jan 2025 09:02:07 -0700
Subject: [PATCH] Add ACME-based Let's Encrypt certificate for TLS
The bare "sovr.cloud" certificate doesn't work yet, but I'm leaving it there for now.
---
 sovr/etc/nixos/configuration.nix | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
diff --git a/sovr/etc/nixos/configuration.nix b/sovr/etc/nixos/configuration.nix
index e0b0a7f..703c3d4 100644
--- a/sovr/etc/nixos/configuration.nix
+++ b/sovr/etc/nixos/configuration.nix
@@ -41,6 +41,22 @@
 programs.neovim.enable = true;
 programs.neovim.defaultEditor = true;
+ security.acme = {
+ acceptTerms = true;
+ certs."_.sovr.cloud" = {
+ dnsProvider = "porkbun";
+ domain = "*.sovr.cloud";
+ environmentFile = "/opt/keys/porkbun";
+ group = "nginx";
+ };
+ /*certs."sovr.cloud" = {
+ dnsProvider = "porkbun";
+ domain = "sovr.cloud";
+ environmentFile = "/opt/keys/porkbun";
+ group = "nginx";
+ };*/
+ defaults.email = "eli@theribbles.org";
+ };
 # Configure network proxy if necessary
 # networking.proxy.default = "http://user:password@proxy:port/";
 # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
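Review bot: `environmentFile = "/opt/keys/porkbun"` points at the Porkbun API credentials, and nothing in the added `security.acme` block records who may read that file; whoever holds those credentials can presumably edit the zone's DNS records and so obtain certificates for any name under it. I would add a comment above the line such as `# root:root 0600, provisioned out of band; keep this a quoted string so the secret is never copied into the world-readable /nix/store`. The commented-out `certs."sovr.cloud"` block repeats the same provider and key path; if the apex name is wanted, `extraDomainNames = [ "sovr.cloud" ];` on the wildcard cert would avoid a second certificate, and otherwise the dead block is better dropped than committed. The hunk starts and ends inside the enclosing configuration attribute set, so any nginx wiring that consumes this certificate is outside view.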