nixos/modules/services/acme.nix

{config,...}:
{
  
  sops.secrets.acme-env-file = {
    sopsFile = ../../secrets/acme.env;
    format = "dotenv";
  };

  security.acme = {
    acceptTerms = true;

    defaults = {
      email = "root@crans.org";
      dnsPropagationCheck = false;      
    };
    certs."crans.org" = {
      domain = "*.crans.org";
      dnsProvider = "rfc2136";
      # contient le serveur a contacter avec le protocol
      # et le mdp
      environmentFile = config.sops.secrets.acme-env-file.path;    
    };
  };
}