+ ) cfg.env;
+
+ config.services.filesWatcher = attrsets.mapAttrs' (name: icfg: attrsets.nameValuePair
+ "httpd${icfg.httpdName}" {
+ paths = icfg.watchPaths;
+ waitTime = 5;
+ }
+ ) cfg.env;
+
+ config.security.acme2.certs = let
+ typesToManage = attrsets.filterAttrs (k: v: v.enable) cfg.env;
+ flatVhosts = lists.flatten (attrsets.mapAttrsToList (k: v:
+ attrValues v.vhostConfs
+ ) typesToManage);
+ groupedCerts = attrsets.filterAttrs
+ (_: group: builtins.any (v: v.addToCerts || !isNull v.certMainHost) group)
+ (lists.groupBy (v: v.certName) flatVhosts);
+ groupToDomain = group:
+ let
+ nonNull = builtins.filter (v: !isNull v.certMainHost) group;
+ domains = lists.unique (map (v: v.certMainHost) nonNull);
+ in
+ if builtins.length domains == 0
+ then null
+ else assert (builtins.length domains == 1); (elemAt domains 0);
+ extraDomains = group:
+ let
+ mainDomain = groupToDomain group;
+ in
+ lists.remove mainDomain (
+ lists.unique (
+ lists.flatten (map (c: optionals (c.addToCerts || !isNull c.certMainHost) c.hosts) group)
+ )
+ );
+ in attrsets.mapAttrs (k: g:
+ if (!isNull (groupToDomain g))
+ then cfg.certs // {
+ domain = groupToDomain g;
+ extraDomains = builtins.listToAttrs (
+ map (d: attrsets.nameValuePair d null) (extraDomains g));
+ }
+ else {
+ extraDomains = builtins.listToAttrs (
+ map (d: attrsets.nameValuePair d null) (extraDomains g));
+ }
+ ) groupedCerts;
+
+ config.system.extraSystemBuilderCmds = lib.mkIf (builtins.length (builtins.attrValues cfg.webappDirs) > 0) ''
+ mkdir -p $out/${cfg.webappDirsName}
+ ${builtins.concatStringsSep "\n"
+ (attrsets.mapAttrsToList
+ (name: path: "ln -s ${path} $out/${cfg.webappDirsName}/${name}") cfg.webappDirs)
+ }
+ '';