diff options
| author | Ismaël Bouya <ismael.bouya@normalesup.org> | 2019-10-18 19:43:39 +0200 |
|---|---|---|
| committer | Ismaël Bouya <ismael.bouya@normalesup.org> | 2019-10-18 19:43:39 +0200 |
| commit | 8415083eb6acc343dfa404dbbc12fa0171a48a20 (patch) | |
| tree | d83f54c99763ae49076bf3071449595b6ccae133 /modules/private/certificates.nix | |
| parent | 8fa7ff2c63fb0722144bc90837512d9f8b8c929d (diff) | |
| download | Nix-8415083eb6acc343dfa404dbbc12fa0171a48a20.tar.gz Nix-8415083eb6acc343dfa404dbbc12fa0171a48a20.tar.zst Nix-8415083eb6acc343dfa404dbbc12fa0171a48a20.zip | |
Add new machine to nixops
Diffstat (limited to 'modules/private/certificates.nix')
| -rw-r--r-- | modules/private/certificates.nix | 13 |
1 files changed, 7 insertions, 6 deletions
diff --git a/modules/private/certificates.nix b/modules/private/certificates.nix index cb284fc..9de3e6d 100644 --- a/modules/private/certificates.nix +++ b/modules/private/certificates.nix | |||
| @@ -1,6 +1,7 @@ | |||
| 1 | { lib, pkgs, config, ... }: | 1 | { lib, pkgs, config, ... }: |
| 2 | { | 2 | { |
| 3 | options.services.myCertificates = { | 3 | options.myServices.certificates = { |
| 4 | enable = lib.mkEnableOption "enable certificates"; | ||
| 4 | certConfig = lib.mkOption { | 5 | certConfig = lib.mkOption { |
| 5 | default = { | 6 | default = { |
| 6 | webroot = "${config.security.acme.directory}/acme-challenge"; | 7 | webroot = "${config.security.acme.directory}/acme-challenge"; |
| @@ -14,18 +15,18 @@ | |||
| 14 | }; | 15 | }; |
| 15 | }; | 16 | }; |
| 16 | 17 | ||
| 17 | config = { | 18 | config = lib.mkIf config.myServices.certificates.enable { |
| 18 | services.backup.profiles.system.excludeFile = '' | 19 | services.backup.profiles.system.excludeFile = '' |
| 19 | + ${config.security.acme.directory} | 20 | + ${config.security.acme.directory} |
| 20 | ''; | 21 | ''; |
| 21 | services.websites.certs = config.services.myCertificates.certConfig; | 22 | services.websites.certs = config.myServices.certificates.certConfig; |
| 22 | myServices.databasesCerts = config.services.myCertificates.certConfig; | 23 | myServices.databasesCerts = config.myServices.certificates.certConfig; |
| 23 | myServices.ircCerts = config.services.myCertificates.certConfig; | 24 | myServices.ircCerts = config.myServices.certificates.certConfig; |
| 24 | 25 | ||
| 25 | security.acme.preliminarySelfsigned = true; | 26 | security.acme.preliminarySelfsigned = true; |
| 26 | 27 | ||
| 27 | security.acme.certs = { | 28 | security.acme.certs = { |
| 28 | "eldiron" = config.services.myCertificates.certConfig // { | 29 | "eldiron" = config.myServices.certificates.certConfig // { |
| 29 | domain = "eldiron.immae.eu"; | 30 | domain = "eldiron.immae.eu"; |
| 30 | }; | 31 | }; |
| 31 | }; | 32 | }; |