author | Franz Pletz <fpletz@fnordicwalking.de> | 2015-12-06 16:55:09 +0100 |
---|---|---|
committer | Franz Pletz <fpletz@fnordicwalking.de> | 2015-12-12 16:06:51 +0100 |
commit | 612781e8169bf13fde26091f2d6c55ebed6ccb6f (patch) | |
tree | fcff0d0dee06bac02caa16ce9d371da930165e11 /nixos/modules/module-list.nix | |
parent | 069b1891d34f2a1a674daf6baad02d73ab8228c6 (diff) | |
simp_le service: letsencrypt cert auto-renewal
This new service invokes `simp_le` for a defined set of certs on a regular basis with a systemd timer. `simp_le` is smart enough to handle account registration, domain validation and renewal on its own. The only thing required is an existing HTTP server that serves the path `/.well-known/acme-challenge` from the webroot cert parameter.

Example:

    services.simp_le.certs."foo.example.com" = {
      webroot = "/var/www/challenges";
      extraDomains = [ "www.example.com" ];
      email = "foo@example.com";
      validMin = 2592000;
      renewInterval = "weekly";
    };

Example Nginx vhost:

    services.nginx.appendConfig = ''
      http {
        server {
          server_name _;
          listen 80;
          listen [::]:80;

          location /.well-known/acme-challenge {
            root /var/www/challenges;
          }

          location / {
            return 301 https://$host$request_uri;
          }
        }
      }
    '';

Diffstat (limited to 'nixos/modules/module-list.nix')
-rw-r--r-- | nixos/modules/module-list.nix | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 963daf721ad3..c708f095f40a 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -388,6 +388,7 @@ ./services/security/hologram.nix ./services/security/munge.nix ./services/security/physlock.nix + ./services/security/simp_le.nix ./services/security/torify.nix ./services/security/tor.nix ./services/security/torsocks.nix |
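
Review bot: On the added line `./services/security/simp_le.nix`, the entry is in sorted position, but a path listed in module-list.nix is loaded for every NixOS configuration, so the module should create its systemd timer and service only for certs that are actually defined and stay inert when `services.simp_le.certs` is empty. This view is limited to module-list.nix, so that cannot be confirmed from the hunk and is worth checking in simp_le.nix itself. The commit message's `validMin = 2592000` also carries no unit; the option description should state it, along with the requirement that the `webroot` directory is writable by the renewal job and readable by the HTTP server.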