Auto-commit: 2026-01-07 14:15:56

hosts/lillyserver/systemd.nix

@@ -25,6 +25,24 @@ in
         ExecStart = "${pkgs.docker}/bin/docker start tailscale-cloudflare-dns-sync";
       };
     };
+
+    ${certbot-generic-cert-service} = {
+      enable = true;
+      description = "Renew Let's Encrypt certificates using Certbot in Docker";
+      serviceConfig = {
+        Type = "oneshot";
+        ExecStart = ''${pkgs.docker}/bin/docker \
+          run --rm --name certbot-renew \
+          -v /mnt/lilly-ssd/secrets/certificates/etc:/etc/letsencrypt \
+          -v /mnt/lilly-ssd/secrets/certificates/var:/var/lib/letsencrypt \
+          -v /mnt/lilly-ssd/secrets/certificates/cf-credentials:/cf-credentials:ro \
+          -v /mnt/lilly-ssd/secrets/certificates/id_ed25519_certshare:/openwrt_private_key:ro \
+          certbot/dns-cloudflare renew \
+          --dns-cloudflare \
+          --dns-cloudflare-credentials /cf-credentials
+        '';
+      };
+    };
   };
 
   systemd.timers = {