author | Ismaël Bouya <ismael.bouya@normalesup.org> | 2019-01-10 00:40:53 +0100 |
---|---|---|
committer | Ismaël Bouya <ismael.bouya@normalesup.org> | 2019-01-10 00:40:53 +0100 |
commit | 3013caf18db83d43a1703b1a74cb484f70bab3a8 (patch) | |
tree | 1bd0a2ee04a906149b0d9a6653c663164a3a42b6 /virtual/modules/certificates.nix | |
parent | 4d4f13f4a8e7df6480da895d80d487c891441745 (diff) | |
Start moving websites to their own modules: certificates
Diffstat (limited to 'virtual/modules/certificates.nix')
-rw-r--r-- | virtual/modules/certificates.nix | 30 |
1 files changed, 30 insertions, 0 deletions
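--- /dev/null
+++ b/virtual/modules/certificates.nix
@@ -0,0 +1,30 @@
+{ lib, pkgs, config, mylibs, ... }:
+{
+options.services.myCertificates = {
+certConfig = lib.mkOption {
+default = {
+webroot = "/var/lib/acme/acme-challenge";
+email = "ismael@bouya.org";
+postRun = ''
+systemctl reload httpd.service
+'';
+plugins = [ "cert.pem" "chain.pem" "fullchain.pem" "full.pem" "key.pem" "account_key.json" ];
+};
+description = "Default configuration for certificates";
+};
+};
+
+config = {
+# FIXME: doesn't work with httpd?
+security.acme.preliminarySelfsigned = true;
+
+security.acme.certs = {
+# FIXME: /!\ To create a new certificate, create it before using
+# it in httpd
+"eldiron" = config.services.myCertificates.certConfig // {
+domain = "eldiron.immae.eu";
+allowKeysForGroup = true;
+};
+};
+};
+}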
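Review bot: `allowKeysForGroup = true` on the "eldiron" certificate widens read access to the private key, but neither `certConfig` nor the override sets `group`, so which group gets that access is left to the ACME module's default. Because `plugins` also writes `key.pem`, `full.pem` and `account_key.json` into the same certificate directory, it is worth confirming whether the ACME account key becomes group-readable too. I would pin the reader next to the flag, for example `group = config.services.httpd.group;` (assuming httpd is the only intended consumer), with a comment such as `# key.pem is group-readable so httpd can load it; keep this group minimal`. The `certConfig` option also has no `type`, so a malformed override would not be rejected at evaluation time. Finally, the `preliminarySelfsigned` FIXME leaves unclear whether httpd can keep serving the self-signed placeholder after a failed issuance, so a monitoring check on the served certificate's issuer would be a useful companion to this change.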