nixos-config/lib/fudo/acme-for-hostname.nix

# Starts an Nginx server on $HOSTNAME just to get a cert for this host

{ config, lib, pkgs, ... }:

with lib;
let
  cfg = config.fudo.acme;

  # wwwRoot = hostname:
  #   pkgs.writeTextFile {
  #     name = "index.html";

  #     text = ''
  #       <html>
  #         <head>
  #           <title>${hostname}</title>
  #         </head>
  #         <body>
  #           <h1>${hostname}</title>
  #         </body>
  #       </html>
  #     '';
  #     destination = "/www";
  #   };

in {

  options.fudo.acme = {
    enable = mkEnableOption "Fetch ACME certs for supplied local hostnames.";

    hostnames = mkOption {
      type = with types; listOf str;
      description = "A list of hostnames mapping to this host, for which to acquire SSL certificates.";
      default = [];
      example = [
        "my.hostname.com"
        "alt.hostname.com"
      ];
    };

    admin-address = mkOption {
      type = types.str;
      description = "The admin address in charge of these addresses.";
      default = "admin@fudo.org";
    };
  };

  config = mkIf cfg.enable {

    services.nginx = {
      enable = true;

      virtualHosts = listToAttrs
        (map
          (hostname:
            nameValuePair hostname
              {
                enableACME = true;
                forceSSL = true;
                # root = (wwwRoot hostname) + ("/" + "www");
              })
          cfg.hostnames);
    };

    security.acme.certs = listToAttrs
      (map (hostname: nameValuePair hostname { email = cfg.admin-address; })
        cfg.hostnames);
  };
}
Currently broken config... 2020-01-15 09:24:11 -08:00			`# Starts an Nginx server on $HOSTNAME just to get a cert for this host`

			`{ config, lib, pkgs, ... }:`

			`with lib;`
			`let`
			`cfg = config.fudo.acme;`

Informis Checkin 2020-06-25 20:38:50 -07:00			`# wwwRoot = hostname:`
			`# pkgs.writeTextFile {`
			`# name = "index.html";`

			`# text = ''`
			`# <html>`
			`# <head>`
			`# <title>${hostname}</title>`
			`# </head>`
			`# <body>`
			`# <h1>${hostname}</title>`
			`# </body>`
			`# </html>`
			`# '';`
			`# destination = "/www";`
			`# };`
Currently broken config... 2020-01-15 09:24:11 -08:00
			`in {`

			`options.fudo.acme = {`
Informis Checkin 2020-06-25 20:38:50 -07:00			`enable = mkEnableOption "Fetch ACME certs for supplied local hostnames.";`

Currently broken config... 2020-01-15 09:24:11 -08:00			`hostnames = mkOption {`
			`type = with types; listOf str;`
			`description = "A list of hostnames mapping to this host, for which to acquire SSL certificates.";`
			`default = [];`
			`example = [`
			`"my.hostname.com"`
			`"alt.hostname.com"`
			`];`
			`};`
Informis Checkin 2020-06-25 20:38:50 -07:00
			`admin-address = mkOption {`
			`type = types.str;`
			`description = "The admin address in charge of these addresses.";`
			`default = "admin@fudo.org";`
			`};`
Currently broken config... 2020-01-15 09:24:11 -08:00			`};`

Informis Checkin 2020-06-25 20:38:50 -07:00			`config = mkIf cfg.enable {`
Currently broken config... 2020-01-15 09:24:11 -08:00
			`services.nginx = {`
			`enable = true;`

			`virtualHosts = listToAttrs`
			`(map`
			`(hostname:`
			`nameValuePair hostname`
			`{`
			`enableACME = true;`
			`forceSSL = true;`
Informis Checkin 2020-06-25 20:38:50 -07:00			`# root = (wwwRoot hostname) + ("/" + "www");`
Currently broken config... 2020-01-15 09:24:11 -08:00			`})`
			`cfg.hostnames);`
			`};`

			`security.acme.certs = listToAttrs`
Informis Checkin 2020-06-25 20:38:50 -07:00			`(map (hostname: nameValuePair hostname { email = cfg.admin-address; })`
Currently broken config... 2020-01-15 09:24:11 -08:00			`cfg.hostnames);`
			`};`
			`}`