diff options
author | Ismaël Bouya <ismael.bouya@normalesup.org> | 2019-10-18 19:43:39 +0200 |
---|---|---|
committer | Ismaël Bouya <ismael.bouya@normalesup.org> | 2019-10-18 19:43:39 +0200 |
commit | 8415083eb6acc343dfa404dbbc12fa0171a48a20 (patch) | |
tree | d83f54c99763ae49076bf3071449595b6ccae133 /modules/private/certificates.nix | |
parent | 8fa7ff2c63fb0722144bc90837512d9f8b8c929d (diff) | |
download | Nix-8415083eb6acc343dfa404dbbc12fa0171a48a20.tar.gz Nix-8415083eb6acc343dfa404dbbc12fa0171a48a20.tar.zst Nix-8415083eb6acc343dfa404dbbc12fa0171a48a20.zip |
Add new machine to nixops
Diffstat (limited to 'modules/private/certificates.nix')
-rw-r--r-- | modules/private/certificates.nix | 13 |
1 files changed, 7 insertions, 6 deletions
diff --git a/modules/private/certificates.nix b/modules/private/certificates.nix index cb284fc..9de3e6d 100644 --- a/modules/private/certificates.nix +++ b/modules/private/certificates.nix | |||
@@ -1,6 +1,7 @@ | |||
1 | { lib, pkgs, config, ... }: | 1 | { lib, pkgs, config, ... }: |
2 | { | 2 | { |
3 | options.services.myCertificates = { | 3 | options.myServices.certificates = { |
4 | enable = lib.mkEnableOption "enable certificates"; | ||
4 | certConfig = lib.mkOption { | 5 | certConfig = lib.mkOption { |
5 | default = { | 6 | default = { |
6 | webroot = "${config.security.acme.directory}/acme-challenge"; | 7 | webroot = "${config.security.acme.directory}/acme-challenge"; |
@@ -14,18 +15,18 @@ | |||
14 | }; | 15 | }; |
15 | }; | 16 | }; |
16 | 17 | ||
17 | config = { | 18 | config = lib.mkIf config.myServices.certificates.enable { |
18 | services.backup.profiles.system.excludeFile = '' | 19 | services.backup.profiles.system.excludeFile = '' |
19 | + ${config.security.acme.directory} | 20 | + ${config.security.acme.directory} |
20 | ''; | 21 | ''; |
21 | services.websites.certs = config.services.myCertificates.certConfig; | 22 | services.websites.certs = config.myServices.certificates.certConfig; |
22 | myServices.databasesCerts = config.services.myCertificates.certConfig; | 23 | myServices.databasesCerts = config.myServices.certificates.certConfig; |
23 | myServices.ircCerts = config.services.myCertificates.certConfig; | 24 | myServices.ircCerts = config.myServices.certificates.certConfig; |
24 | 25 | ||
25 | security.acme.preliminarySelfsigned = true; | 26 | security.acme.preliminarySelfsigned = true; |
26 | 27 | ||
27 | security.acme.certs = { | 28 | security.acme.certs = { |
28 | "eldiron" = config.services.myCertificates.certConfig // { | 29 | "eldiron" = config.myServices.certificates.certConfig // { |
29 | domain = "eldiron.immae.eu"; | 30 | domain = "eldiron.immae.eu"; |
30 | }; | 31 | }; |
31 | }; | 32 | }; |