authorJoachim Schiele <js@lastlog.de>2018-02-06 22:08:57 +0100
committerzimbatm <zimbatm@zimbatm.com>2018-02-06 21:08:57 +0000
commitedeacd00ada72c70661c4f421146134b42feb815 (patch)
tree8f11139619bda1cdd0c9377a3f1fbfd723244d5e /nixos/modules
parentc9d1bf3e7663bf5486cbb7332d748085594247e0 (diff)
security.acme: default name value via module system (#34388)
Diffstat (limited to 'nixos/modules')
-rw-r--r--nixos/modules/security/acme.nix14
1 files changed, 7 insertions, 7 deletions
diff --git a/nixos/modules/security/acme.nix b/nixos/modules/security/acme.nix
index 5940f471883c..aacdcbdd53d6 100644
--- a/nixos/modules/security/acme.nix
+++ b/nixos/modules/security/acme.nix
@@ -6,10 +6,11 @@ let
 
   cfg = config.security.acme;
 
-  certOpts = { ... }: {
+  certOpts = { name, ... }: {
     options = {
       webroot = mkOption {
         type = types.str;
+        example = "/var/lib/acme/acme-challenges";
         description = ''
           Where the webroot of the HTTP vhost is located.
           <filename>.well-known/acme-challenge/</filename> directory
@@ -20,8 +21,8 @@ let
       };
 
       domain = mkOption {
-        type = types.nullOr types.str;
-        default = null;
+        type = types.str;
+        default = name;
         description = "Domain to fetch certificate for (defaults to the entry name)";
       };
 
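Review bot: Narrowing `domain` from `types.nullOr types.str` to `types.str` makes any existing configuration that sets `domain = null;` explicitly fail type checking, where it previously fell back to the entry name. If that spelling should keep working, the release notes need an entry, or the option description should state that `null` is no longer accepted. The surrounding `certOpts` body continues outside this hunk, so whether other options still rely on a null `domain` cannot be seen here.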
@@ -48,7 +49,7 @@ let
         default = false;
         description = ''
           Give read permissions to the specified group
-          (<option>security.acme.group</option>) to read SSL private certificates.
+          (<option>security.acme.cert.<name>.group</option>) to read SSL private certificates.
         '';
       };
 
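Review bot: The new description puts a literal `<name>` inside `<option>…</option>`. These description strings carry DocBook markup (the `webroot` description uses `<filename>`), so an unescaped `<name>` would be parsed as an element and is likely to break the manual build; it should be written `&lt;name&gt;`. The path also reads `security.acme.cert`, while the implementation iterates `cfg.certs`, so the reference should be `<option>security.acme.certs.&lt;name&gt;.group</option>`. Since this option decides who can read private keys, the reference needs to point at the option that actually exists.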
@@ -87,7 +88,7 @@ let
           }
         '';
         description = ''
-          Extra domain names for which certificates are to be issued, with their
+          A list of extra domain names, which are included in the one certificate to be issued, with their
           own server roots if needed.
         '';
       };
@@ -193,10 +194,9 @@ in
           servicesLists = mapAttrsToList certToServices cfg.certs;
           certToServices = cert: data:
               let
-                domain = if data.domain != null then data.domain else cert;
                 cpath = "${cfg.directory}/${cert}";
                 rights = if data.allowKeysForGroup then "750" else "700";
-                cmdline = [ "-v" "-d" domain "--default_root" data.webroot "--valid_min" cfg.validMin "--tos_sha256" cfg.tosHash ]
+                cmdline = [ "-v" "-d" data.domain "--default_root" data.webroot "--valid_min" cfg.validMin "--tos_sha256" cfg.tosHash ]
                           ++ optionals (data.email != null) [ "--email" data.email ]
                           ++ concatMap (p: [ "-f" p ]) data.plugins
                           ++ concatLists (mapAttrsToList (name: root: [ "-d" (if root == null then name else "${name}:${root}")]) data.extraDomains)
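Review bot: `data.domain` is a free-form `types.str` that goes straight into the `-d` argument, and the attribute name `cert` is interpolated into `cpath`, the directory whose mode `rights` controls. How `cmdline` and `cpath` are rendered into the service script lies outside this hunk. It is worth confirming that the list is passed through `escapeShellArgs` (or an equivalent) and that `cpath` is quoted where it is used. A comment such as `# cmdline entries are untrusted strings; must be shell-escaped when rendered` above the `cmdline` binding would record the requirement for later edits.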