
add host provider for ssl letsencrypt block

ibizaman 2024-08-11 04:49:38 +02:00 committed by Pierre Penninckx
parent aed62d3553
commit 6b17ff858e


@ -238,6 +238,7 @@ in
additionalEnvironment = lib.mkOption { additionalEnvironment = lib.mkOption {
type = lib.types.attrsOf lib.types.str; type = lib.types.attrsOf lib.types.str;
default = {};
description = '' description = ''
Additional environment variables used to configure the DNS provider. Additional environment variables used to configure the DNS provider.
@ -267,6 +268,12 @@ in
type = lib.types.str; type = lib.types.str;
}; };
stagingServer = lib.mkOption {
description = "User Let's Encrypt's staging server.";
type = lib.types.bool;
default = false;
};
debug = lib.mkOption { debug = lib.mkOption {
description = "Enable debug logging"; description = "Enable debug logging";
type = lib.types.bool; type = lib.types.bool;
@ -415,20 +422,36 @@ in
security.acme.acceptTerms = lib.mkIf (cfg.certs.letsencrypt != {}) true; security.acme.acceptTerms = lib.mkIf (cfg.certs.letsencrypt != {}) true;
security.acme.certs = lib.mkMerge (lib.mapAttrsToList (name: certCfg: { security.acme.certs = lib.mkMerge (lib.mapAttrsToList (name: certCfg:
"${name}" = { {
extraDomainNames = [ certCfg.domain ] ++ certCfg.extraDomains; "${name}" = ({
email = certCfg.adminEmail; extraDomainNames = [ certCfg.domain ] ++ certCfg.extraDomains;
inherit (certCfg) dnsProvider dnsResolver; email = certCfg.adminEmail;
inherit (certCfg) group reloadServices; enableDebugLogs = certCfg.debug;
credentialsFile = certCfg.credentialsFile; server = lib.mkIf certCfg.stagingServer "https://acme-staging-v02.api.letsencrypt.org/directory";
enableDebugLogs = certCfg.debug; } // lib.optionalAttrs (certCfg.dnsProvider != null) {
}; inherit (certCfg) dnsProvider dnsResolver;
}) cfg.certs.letsencrypt); inherit (certCfg) group reloadServices;
credentialsFile = certCfg.credentialsFile;
});
}) cfg.certs.letsencrypt);
systemd.services = lib.mkMerge (lib.mapAttrsToList (name: certCfg: { services.nginx = lib.mkMerge (lib.mapAttrsToList (name: certCfg:
"acme-${certCfg.domain}".environment = certCfg.additionalEnvironment; lib.optionalAttrs (certCfg.dnsProvider == null) {
}) cfg.certs.letsencrypt); virtualHosts."${name}" = {
addSSL = true;
enableACME = true;
serverAliases = certCfg.extraDomains;
# locations."/" = {
# root = "/var/www";
# };
};
}) cfg.certs.letsencrypt);
systemd.services = lib.mkMerge (lib.mapAttrsToList (name: certCfg:
lib.optionalAttrs (certCfg.additionalEnvironment != {}) {
"acme-${certCfg.domain}".environment = certCfg.additionalEnvironment;
}) cfg.certs.letsencrypt);
} }
]; ];
} }
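Review bot: In the third hunk, `inherit (certCfg) group reloadServices;` now sits inside the `lib.optionalAttrs (certCfg.dnsProvider != null)` set, so a certificate issued through the new nginx host provider no longer receives the configured group or reload list, and services named there would presumably keep serving the old certificate after a renewal. Neither setting is specific to DNS validation, so unless the nginx module's own defaults are meant to take over, that line belongs in the first attribute set next to `enableDebugLogs = certCfg.debug;`. The new virtual host also sets `addSSL = true`, which leaves the site answering over plain HTTP; `forceSSL = true` would redirect to HTTPS, provided the ACME challenge path is still served on port 80 in that mode, which should be confirmed before switching. In the second hunk the `stagingServer` description reads "User" where "Use" is meant.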