harald/nixcfg
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

refactor

Browse source
This commit is contained in:
Harald Hoyer 2024-01-11 10:26:46 +00:00
parent 66c05f9093
commit 45d6f4b0f3
205 changed files with 9040 additions and 342 deletions
Download patch file Download diff file Expand all files Collapse all files

31
modules/nixos/security/acme/default.nix Normal file
View file

@ -0,0 +1,31 @@
{ lib, pkgs, config, virtual, ... }:
let
inherit (lib) mkIf mkEnableOption optional;
inherit (lib.plusultra) mkOpt;
cfg = config.plusultra.security.acme;
in
{
options.plusultra.security.acme = with lib.types; {
enable = mkEnableOption "default ACME configuration";
email = mkOpt str config.plusultra.user.email "The email to use.";
staging = mkOpt bool virtual "Whether to use the staging server or not.";
};
config = mkIf cfg.enable {
security.acme = {
acceptTerms = true;
defaults = {
inherit (cfg) email;
group = mkIf config.services.nginx.enable "nginx";
server = mkIf cfg.staging "https://acme-staging-v02.api.letsencrypt.org/directory";
# Reload nginx when certs change.
reloadServices = optional config.services.nginx.enable "nginx.service";
};
};
};
}