Start moving websites to their own modules: certificates

author: Ismaël Bouya <ismael.bouya@normalesup.org> 2019-01-10 00:40:53 +0100
committer: Ismaël Bouya <ismael.bouya@normalesup.org> 2019-01-10 00:40:53 +0100
commit: 3013caf18db83d43a1703b1a74cb484f70bab3a8 (patch)
tree: 1bd0a2ee04a906149b0d9a6653c663164a3a42b6 /virtual/modules/certificates.nix
parent: 4d4f13f4a8e7df6480da895d80d487c891441745 (diff)
download: Nix-3013caf18db83d43a1703b1a74cb484f70bab3a8.tar.gz
Nix-3013caf18db83d43a1703b1a74cb484f70bab3a8.tar.zst
Nix-3013caf18db83d43a1703b1a74cb484f70bab3a8.zip
1 files changed, 30 insertions, 0 deletions
diff --git a/virtual/modules/certificates.nix b/virtual/modules/certificates.nix
new file mode 100644
index 0000000..a9d6d99
--- /dev/null
+++ b/virtual/modules/certificates.nix
@@ -0,0 +1,30 @@
+{ lib, pkgs, config, mylibs, ... }:
+{
+  options.services.myCertificates = {
+    certConfig = lib.mkOption {
+      default = {
+        webroot = "/var/lib/acme/acme-challenge";
+        email = "ismael@bouya.org";
+        postRun = ''
+          systemctl reload httpd.service
+        '';
+        plugins = [ "cert.pem" "chain.pem" "fullchain.pem" "full.pem" "key.pem" "account_key.json" ];
+      };
+      description = "Default configuration for certificates";
+    };
+  };
+  config = {
+    # FIXME: doesn't work with httpd?
+    security.acme.preliminarySelfsigned = true;
+    security.acme.certs = {
+      # FIXME: /!\ To create a new certificate, create it before using
+      # it in httpd
+      "eldiron" = config.services.myCertificates.certConfig // {
+        domain = "eldiron.immae.eu";
+        allowKeysForGroup = true;
+      };
+    };
+  };
+}
author	Ismaël Bouya <ismael.bouya@normalesup.org>	2019-01-10 00:40:53 +0100
committer	Ismaël Bouya <ismael.bouya@normalesup.org>	2019-01-10 00:40:53 +0100
commit	3013caf18db83d43a1703b1a74cb484f70bab3a8 (patch)
tree	1bd0a2ee04a906149b0d9a6653c663164a3a42b6 /virtual/modules/certificates.nix
parent	4d4f13f4a8e7df6480da895d80d487c891441745 (diff)
download	Nix-3013caf18db83d43a1703b1a74cb484f70bab3a8.tar.gz Nix-3013caf18db83d43a1703b1a74cb484f70bab3a8.tar.zst Nix-3013caf18db83d43a1703b1a74cb484f70bab3a8.zip

diff --git a/virtual/modules/certificates.nix b/virtual/modules/certificates.nix new file mode 100644 index 0000000..a9d6d99 --- /dev/null +++ b/virtual/modules/certificates.nix
@@ -0,0 +1,30 @@
	1	{ lib, pkgs, config, mylibs, ... }:
	2	{
	3	options.services.myCertificates = {
	4	certConfig = lib.mkOption {
	5	default = {
	6	webroot = "/var/lib/acme/acme-challenge";
	7	email = "ismael@bouya.org";
	8	postRun = ''
	9	systemctl reload httpd.service
	10	'';
	11	plugins = [ "cert.pem" "chain.pem" "fullchain.pem" "full.pem" "key.pem" "account_key.json" ];
	12	};
	13	description = "Default configuration for certificates";
	14	};
	15	};
	16
	17	config = {
	18	# FIXME: doesn't work with httpd?
	19	security.acme.preliminarySelfsigned = true;
	20
	21	security.acme.certs = {
	22	# FIXME: /!\ To create a new certificate, create it before using
	23	# it in httpd
	24	"eldiron" = config.services.myCertificates.certConfig // {
	25	domain = "eldiron.immae.eu";
	26	allowKeysForGroup = true;
	27	};
	28	};
	29	};
	30	}