ACME and SSL stuff

configuration.nix

@@ -14,6 +14,7 @@
       ./hardware-configuration.nix
       ./users/users.nix
       ./services/gitea.nix
+      ./services/duckddns.nix
     ];
   
   # Use the systemd-boot EFI boot loader.
@@ -28,6 +29,12 @@
     "nixpkgs=${pkgs.path}"
   ];
 
+  # ACME
+  security.acme = {
+    acceptTerms = true;
+    defaults.email = "sky.hearn@pm.me";
+  };
+
   # wireguard server setup
   # enable NAT
   networking.nat.enable = true;
@@ -94,7 +101,9 @@
   virtualisation.podman.defaultNetwork.settings.dns_enabled = true;
 
   environment.systemPackages = [
+    pkgs.bash
     pkgs.wget
+    pkgs.curl
     pkgs.vim
  
     pkgs.arion

services/duckddns.nix

@@ -0,0 +1,22 @@
+{pkgs, ...}: 
+{
+  systemd.timers."duckddns" = {
+    wantedBy = [ "timers.target" ];
+      timerConfig = {
+        OnBootSec = "5m";
+	OnUnitActiveSec = "5m";
+	Unit = "duckddns.service";
+      };
+  };
+
+  systemd.services."duckddns"= {
+    # hiding my token hehe
+    script = ''
+      bash /home/sky/duckddns.sh  
+    '';
+    serviceConfig = {
+      Type = "oneshot";
+      User = "root";
+    };
+  };
+}

services/gitea.nix

@@ -1,8 +1,8 @@
 { config, ... }:
 {
-  services.nginx.virtualHosts."git.my-domain.tld" = {
+  services.nginx.virtualHosts."git.skymath.duckdns.org" = {
-    enableACME = false;
+    enableACME = true;
-    forceSSL = false;
+    forceSSL = true;
     locations."/" = {
       proxyPass = "http://localhost:3001/";
     };