+
+ config.security.acme.certs = let
+ typesToManage = attrsets.filterAttrs (k: v: v.enable) cfg;
+ flatVhosts = lists.flatten (attrsets.mapAttrsToList (k: v:
+ attrValues v.vhostConfs
+ ) typesToManage);
+ groupedCerts = attrsets.filterAttrs
+ (_: group: builtins.any (v: v.addToCerts || !isNull v.certMainHost) group)
+ (lists.groupBy (v: v.certName) flatVhosts);
+ groupToDomain = group:
+ let
+ nonNull = builtins.filter (v: !isNull v.certMainHost) group;
+ domains = lists.unique (map (v: v.certMainHost) nonNull);
+ in
+ if builtins.length domains == 0
+ then null
+ else assert (builtins.length domains == 1); (elemAt domains 0);
+ extraDomains = group:
+ let
+ mainDomain = groupToDomain group;
+ in
+ lists.remove mainDomain (
+ lists.unique (
+ lists.flatten (map (c: optionals (c.addToCerts || !isNull c.certMainHost) c.hosts) group)
+ )
+ );
+ in attrsets.mapAttrs (k: g:
+ if (!isNull (groupToDomain g))
+ then config.services.websitesCerts // {
+ domain = groupToDomain g;
+ extraDomains = builtins.listToAttrs (
+ map (d: attrsets.nameValuePair d null) (extraDomains g));
+ }
+ else {
+ extraDomains = builtins.listToAttrs (
+ map (d: attrsets.nameValuePair d null) (extraDomains g));
+ }
+ ) groupedCerts;
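Review bot: In `groupToDomain`, the bare `assert (builtins.length domains == 1)` stops evaluation with a generic assertion failure when two vhosts that share a `certName` declare different `certMainHost` values, so the operator cannot tell which certificate or which hosts conflict. I would replace it with an explicit error that names them, e.g. `else if builtins.length domains != 1 then throw "conflicting certMainHost values for one certName: ${builtins.concatStringsSep ", " domains}" else elemAt domains 0;`. The final `else` branch of the `mapAttrs` emits an entry with only `extraDomains`, without `domain` and without the `config.services.websitesCerts` defaults. That presumably relies on the same certificate name being declared elsewhere in `security.acme.certs`, and it deserves a comment such as `# no certMainHost in this group: only extend a cert that is defined elsewhere`, plus a check that the name really exists. Every host collected by `extraDomains` becomes a name on a shared certificate, so a one-line comment on the `addToCerts || !isNull c.certMainHost` filter stating that opt-in rule would help the next reader audit which names get requested.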