author Franz Pletz <fpletz@fnordicwalking.de> 2015-12-06 16:55:09 +0100
committer Franz Pletz <fpletz@fnordicwalking.de> 2015-12-12 16:06:51 +0100
commit 612781e8169bf13fde26091f2d6c55ebed6ccb6f
tree fcff0d0dee06bac02caa16ce9d371da930165e11 /nixos/modules/module-list.nix
parent 069b1891d34f2a1a674daf6baad02d73ab8228c6
simp_le service: letsencrypt cert auto-renewal
This new service invokes `simp_le` for a defined set of certs on a regular
basis with a systemd timer. `simp_le` is smart enough to handle account
registration, domain validation and renewal on its own. The only thing
required is an existing HTTP server that serves the path
`/.well-known/acme-challenge` from the webroot cert parameter.

Example:

  services.simp_le.certs."foo.example.com" = {
    webroot = "/var/www/challenges";
    extraDomains = [ "www.example.com" ];
    email = "foo@example.com";
    validMin = 2592000;
    renewInterval = "weekly";
  };

Example Nginx vhost:

  services.nginx.appendConfig = ''
    http {
      server {
        server_name _;
        listen 80;
        listen [::]:80;

        location /.well-known/acme-challenge {
          root /var/www/challenges;
        }

        location / {
          return 301 https://$host$request_uri;
        }
      }
    }
  '';
Diffstat (limited to 'nixos/modules/module-list.nix')
-rw-r--r-- nixos/modules/module-list.nix 1
1 files changed, 1 insertions, 0 deletions
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index 963daf721ad3..c708f095f40a 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -388,6 +388,7 @@
   ./services/security/hologram.nix
   ./services/security/munge.nix
   ./services/security/physlock.nix
+  ./services/security/simp_le.nix
   ./services/security/torify.nix
   ./services/security/tor.nix
   ./services/security/torsocks.nix
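Review bot: the added `./services/security/simp_le.nix` entry (new line 391) pulls the module into every NixOS evaluation, yet this view is limited to `module-list.nix`, so the module body cannot be checked here. Before merging, confirm in `simp_le.nix` that `services.simp_le.certs` defaults to an empty set and that no systemd timer or service unit is generated unless at least one cert is defined. The commit message holds the only usage example, so the same example should also appear in the option descriptions of the module. The placement between `physlock.nix` and `torify.nix` keeps the existing list order and needs no change.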