From 538acd9060df09045558c67cf98792a3902c5f3c Mon Sep 17 00:00:00 2001
From: Pierre-Etienne Meunier
Date: Thu, 2 Nov 2017 11:10:47 +0100
Subject: ACME module: add server option (#31122)

---
 nixos/modules/security/acme.nix | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

(limited to 'nixos/modules')

diff --git a/nixos/modules/security/acme.nix b/nixos/modules/security/acme.nix
index a40c5ef9ebe1..fb011019f7f5 100644
--- a/nixos/modules/security/acme.nix
+++ b/nixos/modules/security/acme.nix
@@ -139,6 +139,20 @@ in
 '';
 };
 
+ production = mkOption {
+ type = types.bool;
+ default = true;
+ description = ''
+ If set to true, use Let's Encrypt's production environment
+ instead of the staging environment. The main benefit of the
+ staging environment is to get much higher rate limits.
+
+ See
+ https://letsencrypt.org/docs/staging-environment
+ for more detail.
+ '';
+ };
+
 certs = mkOption {
 default = { };
 type = with types; attrsOf (submodule certOpts);
@@ -177,7 +191,9 @@ in
 cmdline = [ "-v" "-d" domain "--default_root" data.webroot "--valid_min" cfg.validMin ]
 ++ optionals (data.email != null) [ "--email" data.email ]
 ++ concatMap (p: [ "-f" p ]) data.plugins
- ++ concatLists (mapAttrsToList (name: root: [ "-d" (if root == null then name else "${name}:${root}")]) data.extraDomains);
+ ++ concatLists (mapAttrsToList (name: root: [ "-d" (if root == null then name else "${name}:${root}")]) data.extraDomains)
+ ++ (if cfg.production then []
+ else ["--server" "https://acme-staging.api.letsencrypt.org/directory"]);
 acmeService = {
 description = "Renew ACME Certificate for ${cert}";
 after = [ "network.target" "network-online.target" ];
-- cgit 1.4.1
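Review bot: The description of the new `production` option names only the rate-limit benefit of staging and leaves out the trust consequence: certificates from the staging environment are signed by a test CA that browsers and other TLS clients do not trust, so a host left at `production = false` serves certificates that fail validation. I would add a sentence to the description such as `Certificates issued by the staging environment are not trusted by clients and must not be used to serve real traffic.` The commit subject speaks of a "server" option while the hunk adds a boolean, so the description could also say that the flag only switches between the two Let's Encrypt endpoints.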
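Review bot: The added `(if cfg.production then [] else [...])` at the end of `cmdline` is written differently from the `optionals (data.email != null) [...]` two lines above it; `++ optionals (!cfg.production) [ "--server" "https://acme-staging.api.letsencrypt.org/directory" ];` matches its neighbours and drops the empty-list branch. The staging URL is a bare literal inside the argument list, so a one-line comment such as `# Let's Encrypt staging directory; certificates from it are not publicly trusted` would help the next reader. The switch is read from `cfg`, so it applies to every certificate at once, and it looks as if flipping it would not by itself replace a certificate already obtained from the other environment until `--valid_min` triggers a renewal, which is worth confirming and documenting. The `let` binding that holds `cmdline` begins and ends outside the hunk.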