diff options
author | Pierre-Etienne Meunier <pierre-etienne.meunier@inria.fr> | 2017-11-02 11:10:47 +0100 |
---|---|---|
committer | Robin Gloster <mail@glob.in> | 2017-11-02 11:10:47 +0100 |
commit | 538acd9060df09045558c67cf98792a3902c5f3c (patch) | |
tree | f88bcc75adde4fc1cc902d1cc186b72fc10b4fb3 /nixos | |
parent | ccbcf15c8ee86bd1c2e4eae39d225fab63b376f5 (diff) | |
download | nixlib-538acd9060df09045558c67cf98792a3902c5f3c.tar nixlib-538acd9060df09045558c67cf98792a3902c5f3c.tar.gz nixlib-538acd9060df09045558c67cf98792a3902c5f3c.tar.bz2 nixlib-538acd9060df09045558c67cf98792a3902c5f3c.tar.lz nixlib-538acd9060df09045558c67cf98792a3902c5f3c.tar.xz nixlib-538acd9060df09045558c67cf98792a3902c5f3c.tar.zst nixlib-538acd9060df09045558c67cf98792a3902c5f3c.zip |
ACME module: add server option (#31122)
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/security/acme.nix | 18 |
1 files changed, 17 insertions, 1 deletions
diff --git a/nixos/modules/security/acme.nix b/nixos/modules/security/acme.nix index a40c5ef9ebe1..fb011019f7f5 100644 --- a/nixos/modules/security/acme.nix +++ b/nixos/modules/security/acme.nix @@ -139,6 +139,20 @@ in ''; }; + production = mkOption { + type = types.bool; + default = true; + description = '' + If set to true, use Let's Encrypt's production environment + instead of the staging environment. The main benefit of the + staging environment is to get much higher rate limits. + + See + <literal>https://letsencrypt.org/docs/staging-environment</literal> + for more detail. + ''; + }; + certs = mkOption { default = { }; type = with types; attrsOf (submodule certOpts); @@ -177,7 +191,9 @@ in cmdline = [ "-v" "-d" domain "--default_root" data.webroot "--valid_min" cfg.validMin ] ++ optionals (data.email != null) [ "--email" data.email ] ++ concatMap (p: [ "-f" p ]) data.plugins - ++ concatLists (mapAttrsToList (name: root: [ "-d" (if root == null then name else "${name}:${root}")]) data.extraDomains); + ++ concatLists (mapAttrsToList (name: root: [ "-d" (if root == null then name else "${name}:${root}")]) data.extraDomains) + ++ (if cfg.production then [] + else ["--server" "https://acme-staging.api.letsencrypt.org/directory"]); acmeService = { description = "Renew ACME Certificate for ${cert}"; after = [ "network.target" "network-online.target" ]; |