add host provider for ssl letsencrypt block
This commit is contained in:
parent
aed62d3553
commit
6b17ff858e
1 changed files with 36 additions and 13 deletions
|
@ -238,6 +238,7 @@ in
|
||||||
|
|
||||||
additionalEnvironment = lib.mkOption {
|
additionalEnvironment = lib.mkOption {
|
||||||
type = lib.types.attrsOf lib.types.str;
|
type = lib.types.attrsOf lib.types.str;
|
||||||
|
default = {};
|
||||||
description = ''
|
description = ''
|
||||||
Additional environment variables used to configure the DNS provider.
|
Additional environment variables used to configure the DNS provider.
|
||||||
|
|
||||||
|
@ -267,6 +268,12 @@ in
|
||||||
type = lib.types.str;
|
type = lib.types.str;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
stagingServer = lib.mkOption {
|
||||||
|
description = "User Let's Encrypt's staging server.";
|
||||||
|
type = lib.types.bool;
|
||||||
|
default = false;
|
||||||
|
};
|
||||||
|
|
||||||
debug = lib.mkOption {
|
debug = lib.mkOption {
|
||||||
description = "Enable debug logging";
|
description = "Enable debug logging";
|
||||||
type = lib.types.bool;
|
type = lib.types.bool;
|
||||||
|
@ -415,20 +422,36 @@ in
|
||||||
|
|
||||||
security.acme.acceptTerms = lib.mkIf (cfg.certs.letsencrypt != {}) true;
|
security.acme.acceptTerms = lib.mkIf (cfg.certs.letsencrypt != {}) true;
|
||||||
|
|
||||||
security.acme.certs = lib.mkMerge (lib.mapAttrsToList (name: certCfg: {
|
security.acme.certs = lib.mkMerge (lib.mapAttrsToList (name: certCfg:
|
||||||
"${name}" = {
|
{
|
||||||
extraDomainNames = [ certCfg.domain ] ++ certCfg.extraDomains;
|
"${name}" = ({
|
||||||
email = certCfg.adminEmail;
|
extraDomainNames = [ certCfg.domain ] ++ certCfg.extraDomains;
|
||||||
inherit (certCfg) dnsProvider dnsResolver;
|
email = certCfg.adminEmail;
|
||||||
inherit (certCfg) group reloadServices;
|
enableDebugLogs = certCfg.debug;
|
||||||
credentialsFile = certCfg.credentialsFile;
|
server = lib.mkIf certCfg.stagingServer "https://acme-staging-v02.api.letsencrypt.org/directory";
|
||||||
enableDebugLogs = certCfg.debug;
|
} // lib.optionalAttrs (certCfg.dnsProvider != null) {
|
||||||
};
|
inherit (certCfg) dnsProvider dnsResolver;
|
||||||
}) cfg.certs.letsencrypt);
|
inherit (certCfg) group reloadServices;
|
||||||
|
credentialsFile = certCfg.credentialsFile;
|
||||||
|
});
|
||||||
|
}) cfg.certs.letsencrypt);
|
||||||
|
|
||||||
systemd.services = lib.mkMerge (lib.mapAttrsToList (name: certCfg: {
|
services.nginx = lib.mkMerge (lib.mapAttrsToList (name: certCfg:
|
||||||
"acme-${certCfg.domain}".environment = certCfg.additionalEnvironment;
|
lib.optionalAttrs (certCfg.dnsProvider == null) {
|
||||||
}) cfg.certs.letsencrypt);
|
virtualHosts."${name}" = {
|
||||||
|
addSSL = true;
|
||||||
|
enableACME = true;
|
||||||
|
serverAliases = certCfg.extraDomains;
|
||||||
|
# locations."/" = {
|
||||||
|
# root = "/var/www";
|
||||||
|
# };
|
||||||
|
};
|
||||||
|
}) cfg.certs.letsencrypt);
|
||||||
|
|
||||||
|
systemd.services = lib.mkMerge (lib.mapAttrsToList (name: certCfg:
|
||||||
|
lib.optionalAttrs (certCfg.additionalEnvironment != {}) {
|
||||||
|
"acme-${certCfg.domain}".environment = certCfg.additionalEnvironment;
|
||||||
|
}) cfg.certs.letsencrypt);
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue