feat: step ca for nextcloud

2025-04-26 21:09:10 +08:00 · 2025-04-26 21:09:10 +08:00 · d6e8e23d3b
commit d6e8e23d3b
parent b655f6ad4e
7 changed files with 110 additions and 45 deletions
--- a/system/dev/dn-server/cerbot.nix
+++ b/system/dev/dn-server/cerbot.nix
@ -0,0 +1,29 @@
+{ pkgs, ... }:
+{
+  systemd.timers."certbot-renew" = {
+    enable = true;
+    description = "certbot renew";
+    timerConfig = {
+      OnCalendar = "*-*-* 03:00:00";
+      Persistent = true;
+      OnUnitActiveSec = "1d";
+      Unit = "certbot-renew.service";
+    };
+    wantedBy = [ "timers.target" ];
+  };
+
+  systemd.services."certbot-renew" = {
+    enable = true;
+    after = [
+      "nginx.service"
+      "network.target"
+    ];
+    wantedBy = [ "multi-user.target" ];
+    environment = {
+      "REQUESTS_CA_BUNDLE" = "/var/lib/step-ca/certs/root_ca.crt";
+    };
+    serviceConfig = {
+      ExecStart = "${pkgs.certbot}/bin/certbot renew";
+    };
+  };
+}