authorzimbatm <zimbatm@zimbatm.com>2018-01-11 14:19:15 +0000
committerGitHub <noreply@github.com>2018-01-11 14:19:15 +0000
commit1276a3b12aa0fa3ad5e52cce2dafe75ac5599a92 (patch)
tree03a96ae537ad9a1db69c3d77d1adb19927d65e8c
parent8d12c26e3488309a01f653896a4a07292a17f0f2 (diff)
nixos/acme: configurable TOS hash (#33522)
This hash tends to change and upstream simp_le doesn't seem to keep up
with the changes.
-rw-r--r--nixos/modules/security/acme.nix10
1 files changed, 9 insertions, 1 deletions
diff --git a/nixos/modules/security/acme.nix b/nixos/modules/security/acme.nix
index fb011019f7f5..5940f471883c 100644
--- a/nixos/modules/security/acme.nix
+++ b/nixos/modules/security/acme.nix
@@ -139,6 +139,14 @@ in
         '';
       };
 
+      tosHash = mkOption {
+        type = types.string;
+        default = "cc88d8d9517f490191401e7b54e9ffd12a2b9082ec7a1d4cec6101f9f1647e7b";
+        description = ''
+          SHA256 of the Terms of Services document. This changes once in a while.
+        '';
+      };
+
       production = mkOption {
         type = types.bool;
         default = true;
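Review bot: The new `tosHash` option is typed `types.string`, which accepts arbitrary text and merges multiple definitions by concatenation, so a typo or two modules both setting it yields a value that is not a digest and only fails later inside simp_le. A constrained type such as `type = types.strMatching "[0-9a-f]{64}";` would reject malformed values at evaluation time and make conflicting definitions an error. The same value is appended after `--tos_sha256` in the `cmdline` list of the second hunk; how that list is quoted when the command is built is outside the visible lines, so a hex-only type also removes any dependence on that. The description could state which document the digest covers (presumably the ACME provider's subscriber agreement) and that changing the value means accepting the new terms, for example `SHA256 hex digest of the ACME Terms of Service document you agree to; verify it against the published document before updating.`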
@@ -188,7 +196,7 @@ in
                 domain = if data.domain != null then data.domain else cert;
                 cpath = "${cfg.directory}/${cert}";
                 rights = if data.allowKeysForGroup then "750" else "700";
-                cmdline = [ "-v" "-d" domain "--default_root" data.webroot "--valid_min" cfg.validMin ]
+                cmdline = [ "-v" "-d" domain "--default_root" data.webroot "--valid_min" cfg.validMin "--tos_sha256" cfg.tosHash ]
                           ++ optionals (data.email != null) [ "--email" data.email ]
                           ++ concatMap (p: [ "-f" p ]) data.plugins
                           ++ concatLists (mapAttrsToList (name: root: [ "-d" (if root == null then name else "${name}:${root}")]) data.extraDomains)