};
});
};
+ watchPaths = mkOption {
+ type = listOf string;
+ default = [];
+ description = ''
+ Paths to watch that should trigger a reload of httpd
+ '';
+ };
};
});
};
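Review bot: The new `watchPaths` option is declared as `type = listOf string;`, and `types.string` is deprecated in nixpkgs in favour of `types.str`. I would write `type = listOf str;`, or `type = listOf path;` if entries are always meant to be absolute paths, so that a typo is rejected at evaluation time. The description could also say that a change under any listed path reloads that instance's httpd, and whether directories are watched recursively, which the hunk does not show.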
serverAliases = [ "*" ];
enableSSL = false;
logFormat = "combinedVhost";
- documentRoot = "/var/lib/acme/acme-challenge";
+ documentRoot = "${config.security.acme.directory}/acme-challenge";
extraConfig = ''
RewriteEngine on
RewriteCond "%{REQUEST_URI}" "!^/\.well-known"
};
toVhost = ips: vhostConf: {
enableSSL = true;
- sslServerCert = "/var/lib/acme/${vhostConf.certName}/cert.pem";
- sslServerKey = "/var/lib/acme/${vhostConf.certName}/key.pem";
- sslServerChain = "/var/lib/acme/${vhostConf.certName}/chain.pem";
+ sslServerCert = "${config.security.acme.directory}/${vhostConf.certName}/cert.pem";
+ sslServerKey = "${config.security.acme.directory}/${vhostConf.certName}/key.pem";
+ sslServerChain = "${config.security.acme.directory}/${vhostConf.certName}/chain.pem";
logFormat = "combinedVhost";
listen = map (ip: { inherit ip; port = 443; }) ips;
hostName = builtins.head vhostConf.hosts;
})
) cfg;
+ config.services.filesWatcher = attrsets.mapAttrs' (name: icfg: attrsets.nameValuePair
+ "httpd${icfg.httpdName}" {
+ paths = icfg.watchPaths;
+ waitTime = 5;
+ }
+ ) cfg;
+
config.security.acme.certs = let
typesToManage = attrsets.filterAttrs (k: v: v.enable) cfg;
flatVhosts = lists.flatten (attrsets.mapAttrsToList (k: v:
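Review bot: The `config.services.filesWatcher` mapping iterates over every entry of `cfg`, while the ACME block directly below it first filters with `attrsets.filterAttrs (k: v: v.enable) cfg`. As written, a watcher named `httpd${icfg.httpdName}` is generated for disabled instances and for instances whose `watchPaths` is still the default `[]`. How `filesWatcher` handles an empty path list or a missing httpd unit is not visible here. Mapping over `attrsets.filterAttrs (k: v: v.enable && v.watchPaths != []) cfg` instead would avoid that. `waitTime = 5` is also a bare constant, so a short comment giving its unit and the reason for the delay would help, for example `# seconds to wait after a change before reloading, so multi-file certificate updates land first` if that is the intent. The `let` expression that follows continues outside the hunk.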