Auto-commit: 2026-01-07 14:15:56

2026-01-07 14:15:56 +00:00
parent f123f301f6
commit b8892ed62c
1 changed files with 18 additions and 0 deletions
--- a/hosts/lillyserver/systemd.nix
+++ b/hosts/lillyserver/systemd.nix
@@ -25,6 +25,24 @@ in
        ExecStart = "${pkgs.docker}/bin/docker start tailscale-cloudflare-dns-sync";
      };
    };
+
+    ${certbot-generic-cert-service} = {
+      enable = true;
+      description = "Renew Let's Encrypt certificates using Certbot in Docker";
+      serviceConfig = {
+        Type = "oneshot";
+        ExecStart = ''${pkgs.docker}/bin/docker \
+          run --rm --name certbot-renew \
+          -v /mnt/lilly-ssd/secrets/certificates/etc:/etc/letsencrypt \
+          -v /mnt/lilly-ssd/secrets/certificates/var:/var/lib/letsencrypt \
+          -v /mnt/lilly-ssd/secrets/certificates/cf-credentials:/cf-credentials:ro \
+          -v /mnt/lilly-ssd/secrets/certificates/id_ed25519_certshare:/openwrt_private_key:ro \
+          certbot/dns-cloudflare renew \
+          --dns-cloudflare \
+          --dns-cloudflare-credentials /cf-credentials
+        '';
+      };
+    };
  };

  systemd.timers = {