authorBjørn Forsman <bjorn.forsman@gmail.com>2017-06-08 08:46:40 +0200
committerBjørn Forsman <bjorn.forsman@gmail.com>2017-06-09 19:35:17 +0200
commit6a55fda61e899092a7c73b6b004783bbf1a73773 (patch)
treec84379cb7a37dead4709be78ff189d15ba4cab16 /nixos/modules/security/acme.nix
parent7a0e958b972f61b23f93a8e39fee5590aec47348 (diff)
nixos/acme: improve documentation
* Use literalExample for better readability
* Clarify a bit wrt. 'webroot' and 'allowKeysForGroup'
Diffstat (limited to 'nixos/modules/security/acme.nix')
-rw-r--r--nixos/modules/security/acme.nix41
1 files changed, 24 insertions, 17 deletions
diff --git a/nixos/modules/security/acme.nix b/nixos/modules/security/acme.nix
index dba858c00e07..a40c5ef9ebe1 100644
--- a/nixos/modules/security/acme.nix
+++ b/nixos/modules/security/acme.nix
@@ -13,7 +13,7 @@ let
         description = ''
           Where the webroot of the HTTP vhost is located.
           <filename>.well-known/acme-challenge/</filename> directory
-          will be created automatically if it doesn't exist.
+          will be created below the webroot if it doesn't exist.
           <literal>http://example.org/.well-known/acme-challenge/</literal> must also
           be available (notice unencrypted HTTP).
         '';
@@ -46,7 +46,10 @@ let
       allowKeysForGroup = mkOption {
         type = types.bool;
         default = false;
-        description = "Give read permissions to the specified group to read SSL private certificates.";
+        description = ''
+          Give read permissions to the specified group
+          (<option>security.acme.group</option>) to read SSL private certificates.
+        '';
       };
 
       postRun = mkOption {
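Review bot: The rewritten `allowKeysForGroup` description still says "SSL private certificates", which is imprecise: certificates are public, and what this option exposes to the group is the private key, as the option name itself says. The text could read `Give read permissions to the specified group (<option>security.acme.group</option>) to read the certificates' private keys.` It would also help to add a sentence stating that every member of that group can then read the key material, so the group should hold only the services that terminate TLS. The file modes this option selects are set outside the hunk, so the exact permissions cannot be confirmed from here.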
@@ -77,10 +80,12 @@ let
       extraDomains = mkOption {
         type = types.attrsOf (types.nullOr types.str);
         default = {};
-        example = {
-          "example.org" = "/srv/http/nginx";
-          "mydomain.org" = null;
-        };
+        example = literalExample ''
+          {
+            "example.org" = "/srv/http/nginx";
+            "mydomain.org" = null;
+          }
+        '';
         description = ''
           Extra domain names for which certificates are to be issued, with their
           own server roots if needed.
@@ -140,17 +145,19 @@ in
         description = ''
           Attribute set of certificates to get signed and renewed.
         '';
-        example = {
-          "example.com" = {
-            webroot = "/var/www/challenges/";
-            email = "foo@example.com";
-            extraDomains = { "www.example.com" = null; "foo.example.com" = "/var/www/foo/"; };
-          };
-          "bar.example.com" = {
-            webroot = "/var/www/challenges/";
-            email = "bar@example.com";
-          };
-        };
+        example = literalExample ''
+          {
+            "example.com" = {
+              webroot = "/var/www/challenges/";
+              email = "foo@example.com";
+              extraDomains = { "www.example.com" = null; "foo.example.com" = "/var/www/foo/"; };
+            };
+            "bar.example.com" = {
+              webroot = "/var/www/challenges/";
+              email = "bar@example.com";
+            };
+          }
+        '';
       };
     };
   };