- config = {
- services.websitesCerts = config.services.myCertificates.certConfig;
- myServices.databasesCerts = config.services.myCertificates.certConfig;
- myServices.ircCerts = config.services.myCertificates.certConfig;
+ config = lib.mkIf config.myServices.certificates.enable {
+ services.duplyBackup.profiles.system.excludeFile = ''
+ + /var/lib/acme/acme-challenge
+ '';
+ services.nginx = {
+ recommendedTlsSettings = true;
+ virtualHosts = { "${config.hostEnv.fqdn}" = { useACMEHost = name; forceSSL = true; }; };
+ };
+ services.websites.certs = config.myServices.certificates.certConfig;
+ myServices.databasesCerts = config.myServices.certificates.certConfig;
+ myServices.ircCerts = config.myServices.certificates.certConfig;