diff options
author | davidak <git@davidak.de> | 2016-07-21 01:51:09 +0200 |
---|---|---|
committer | Rok Garbas <rok@garbas.si> | 2016-07-21 01:51:09 +0200 |
commit | 83bdc8e8583d2fae8751a347de8a5f6446a53d98 (patch) | |
tree | 11dc11b960b5f72cd5a90a705fabd0cacb1460e3 /nixos/modules | |
parent | cd25b04dbbec4a4319fac298552cd809e5056a62 (diff) | |
download | nixlib-83bdc8e8583d2fae8751a347de8a5f6446a53d98.tar nixlib-83bdc8e8583d2fae8751a347de8a5f6446a53d98.tar.gz nixlib-83bdc8e8583d2fae8751a347de8a5f6446a53d98.tar.bz2 nixlib-83bdc8e8583d2fae8751a347de8a5f6446a53d98.tar.lz nixlib-83bdc8e8583d2fae8751a347de8a5f6446a53d98.tar.xz nixlib-83bdc8e8583d2fae8751a347de8a5f6446a53d98.tar.zst nixlib-83bdc8e8583d2fae8751a347de8a5f6446a53d98.zip |
caddy service: add options to change ACME certificate authority (#16969)
and agree to let's encrypt subscriber agreement
Diffstat (limited to 'nixos/modules')
-rw-r--r-- | nixos/modules/services/web-servers/caddy.nix | 26 |
1 files changed, 21 insertions, 5 deletions
diff --git a/nixos/modules/services/web-servers/caddy.nix b/nixos/modules/services/web-servers/caddy.nix index b84431373bd1..0666dfddaffd 100644 --- a/nixos/modules/services/web-servers/caddy.nix +++ b/nixos/modules/services/web-servers/caddy.nix @@ -14,12 +14,26 @@ in description = "Verbatim Caddyfile to use"; }; + ca = mkOption { + default = "https://acme-v01.api.letsencrypt.org/directory"; + example = "https://acme-staging.api.letsencrypt.org/directory"; + type = types.string; + description = "Certificate authority ACME server. The default (Let's Encrypt production server) should be fine for most people."; + }; + email = mkOption { default = ""; type = types.string; description = "Email address (for Let's Encrypt certificate)"; }; + agree = mkOption { + default = false; + example = true; + type = types.bool; + description = "Agree to Let's Encrypt Subscriber Agreement"; + }; + dataDir = mkOption { default = "/var/lib/caddy"; type = types.path; @@ -33,11 +47,13 @@ in after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; serviceConfig = { - ExecStart = "${pkgs.caddy.bin}/bin/caddy -conf=${configFile} -email=${cfg.email}"; - Type = "simple"; - User = "caddy"; - Group = "caddy"; - AmbientCapabilities = "cap_net_bind_service"; + ExecStart = ''${pkgs.caddy.bin}/bin/caddy -conf=${configFile} \ + -ca=${cfg.ca} -email=${cfg.email} ${optionalString cfg.agree "-agree"} + ''; + Type = "simple"; + User = "caddy"; + Group = "caddy"; + AmbientCapabilities = "cap_net_bind_service"; }; }; |