selfhostblocks/modules/contracts/ssl.nix


{ lib, ... }:
rec {
# Submodule type holding the paths to a certificate file and its key file.
# Only `cert` and `key` are declared; freeformType lets a provider attach
# further attributes, which are accepted without any specific type check.
certs-paths = lib.types.submodule {
  freeformType = lib.types.anything;

  options.cert = lib.mkOption {
    description = "Path to the cert file.";
    type = lib.types.path;
  };

  # NOTE(review): lib.types.path accepts Nix path values as well as absolute
  # path strings. A path literal (e.g. ./key.pem) is copied into the
  # world-readable Nix store once it is interpolated into a string, so `key`
  # should be given as a string naming a runtime location with restrictive
  # permissions.
  options.key = lib.mkOption {
    description = "Path to the key file.";
    type = lib.types.path;
  };
};
# Contract type for a certificate authority: where its files are located and
# which systemd unit generates them.
cas = lib.types.submodule {
  freeformType = lib.types.anything;

  # Typed as certs-paths, so `paths.key` here names the CA's private key.
  # NOTE(review): consumers that only need to trust the CA presumably need
  # `paths.cert` alone; confirm against the providers before reading the key.
  options.paths = lib.mkOption {
    type = certs-paths;
    description = ''
      Paths where the files for the CA will be located.
      This option is the contract output of the `shb.certs.cas` SSL block.
    '';
  };

  # Plain string: the `.service` suffix stated in the description is not
  # validated by this type.
  options.systemdService = lib.mkOption {
    type = lib.types.str;
    example = "ca-generator.service";
    description = ''
      Systemd oneshot service used to generate the CA. Ends with the `.service` suffix.
      Use this if downstream services must wait for the certificates to be generated before
      starting.
    '';
  };
};
# Contract type for a single certificate: where its files are located and
# which systemd unit generates them.
certs = lib.types.submodule {
  freeformType = lib.types.anything;

  # Typed as certs-paths, so both the certificate and its private key path
  # are exposed to whoever consumes this contract.
  options.paths = lib.mkOption {
    type = certs-paths;
    description = ''
      Paths where the files for the certificate will be located.
      This option is the contract output of the `shb.certs.certs` SSL block.
    '';
  };

  # Plain string: the `.service` suffix stated in the description is not
  # validated by this type.
  options.systemdService = lib.mkOption {
    type = lib.types.str;
    example = "cert-generator.service";
    description = ''
      Systemd oneshot service used to generate the certificate. Ends with the `.service` suffix.
      Use this if downstream services must wait for the certificates to be generated before
      starting.
    '';
  };
};
}