62 lines
1.2 KiB
Nix
62 lines
1.2 KiB
Nix
|
# Starts an Nginx server on $HOSTNAME just to get a cert for this host
|
||
|
|
|
||
|
|
{ config, lib, pkgs, ... }:
|
||
|
|
|
||
|
|
with lib;
|
||
|
|
let
|
||
|
|
cfg = config.fudo.acme;
|
||
|
|
|
||
|
|
wwwRoot = hostname:
|
||
|
|
pkgs.writeTextFile {
|
||
|
|
name = "index.html";
|
||
|
|
|
||
|
|
text = ''
|
||
|
|
<html>
|
||
|
|
<head>
|
||
|
|
<title>${hostname}</title>
|
||
|
|
</head>
|
||
|
|
<body>
|
||
|
|
<h1>${hostname}</title>
|
||
|
|
</body>
|
||
|
|
</html>
|
||
|
|
'';
|
||
|
|
destination = "/www";
|
||
|
|
};
|
||
|
|
|
||
|
|
in {
|
||
|
|
|
||
|
|
options.fudo.acme = {
|
||
|
|
hostnames = mkOption {
|
||
|
|
type = with types; listOf str;
|
||
|
|
description = "A list of hostnames mapping to this host, for which to acquire SSL certificates.";
|
||
|
|
default = [];
|
||
|
|
example = [
|
||
|
|
"my.hostname.com"
|
||
|
|
"alt.hostname.com"
|
||
|
|
];
|
||
|
|
};
|
||
|
|
};
|
||
|
|
|
||
|
|
config = {
|
||
|
|
|
||
|
|
services.nginx = {
|
||
|
|
enable = true;
|
||
|
|
|
||
|
|
virtualHosts = listToAttrs
|
||
|
|
(map
|
||
|
|
(hostname:
|
||
|
|
nameValuePair hostname
|
||
|
|
{
|
||
|
|
enableACME = true;
|
||
|
|
forceSSL = true;
|
||
|
|
root = (wwwRoot hostname) + ("/" + "www");
|
||
|
|
})
|
||
|
|
cfg.hostnames);
|
||
|
|
};
|
||
|
|
|
||
|
|
security.acme.certs = listToAttrs
|
||
|
|
(map (hostname: nameValuePair hostname { email = "admin@fudo.org"; })
|
||
|
|
cfg.hostnames);
|
||
|
|
};
|
||
|
|
}
|