How does the ACME cert integration work here? I can see it in the config there but am not familiar enough with NixOS to understand it. Does it include a Nginx plugin that I am not aware of, is something built into Nginx directly or does it run a script (e.g. acme.sh or certbot) separately?
It creates systemd units for getting and renewing the certificates (IIRC a systemd timer for renewal). It’s really nice, I have some NixOS machines running for years and all the ACME stuff is fully automatic.
The config seen sets up a nginx with a virtual host, using certbot (not sure which ACME-client is used by default but probably certbot) to fetch the certificates.
NixOS is very nice, especially in cases like this.
How does the ACME cert integration work here? I can see it in the config there but am not familiar enough with NixOS to understand it. Does it include a Nginx plugin that I am not aware of, is something built into Nginx directly or does it run a script (e.g. acme.sh or certbot) separately?
I’ve been using a custom docker container that runs
certbot --nginxto simplify my own deployment.It creates systemd units for getting and renewing the certificates (IIRC a systemd timer for renewal). It’s really nice, I have some NixOS machines running for years and all the ACME stuff is fully automatic.
The config seen sets up a nginx with a virtual host, using certbot (not sure which ACME-client is used by default but probably certbot) to fetch the certificates.
NixOS is very nice, especially in cases like this.
https://nixos.org/manual/nixos/stable/#module-security-acme-nginx