public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

nixos/acme: validMin & renewInterval aren't cert-specific

Browse Source
This commit is contained in:
Franz Pletz 2015-12-12 14:21:44 +01:00
parent 0517d59a66
commit 9374ddb895
1 changed files with 18 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
nixos/modules/security/acme.nix
View File

@ -19,22 +19,6 @@ let
''; '';
}; };
validMin = mkOption {
type = types.int;
default = 30 * 24 * 3600;
description = "Minimum remaining validity before renewal in seconds.";
};
renewInterval = mkOption {
type = types.str;
default = "weekly";
description = ''
Systemd calendar expression when to check for renewal. See
<citerefentry><refentrytitle>systemd.time</refentrytitle>
<manvolnum>5</manvolnum></citerefentry>.
'';
};
email = mkOption { email = mkOption {
type = types.nullOr types.str; type = types.nullOr types.str;
default = null; default = null;
@ -108,6 +92,22 @@ in
''; '';
}; };
validMin = mkOption {
type = types.int;
default = 30 * 24 * 3600;
description = "Minimum remaining validity before renewal in seconds.";
};
renewInterval = mkOption {
type = types.str;
default = "weekly";
description = ''
Systemd calendar expression when to check for renewal. See
<citerefentry><refentrytitle>systemd.time</refentrytitle>
<manvolnum>5</manvolnum></citerefentry>.
'';
};
certs = mkOption { certs = mkOption {
default = { }; default = { };
type = types.loaOf types.optionSet; type = types.loaOf types.optionSet;
@ -136,7 +136,7 @@ in
systemd.services = flip mapAttrs' cfg.certs (cert: data: systemd.services = flip mapAttrs' cfg.certs (cert: data:
let let
cpath = "${cfg.directory}/${cert}"; cpath = "${cfg.directory}/${cert}";
cmdline = [ "-v" "-d" cert "--default_root" data.webroot "--valid_min" data.validMin ] cmdline = [ "-v" "-d" cert "--default_root" data.webroot "--valid_min" cfg.validMin ]
++ optionals (data.email != null) [ "--email" data.email ] ++ optionals (data.email != null) [ "--email" data.email ]
++ concatMap (p: [ "-f" p ]) data.plugins ++ concatMap (p: [ "-f" p ]) data.plugins
++ concatLists (mapAttrsToList (name: root: [ "-d" (if root == null then name else "${name}:${root}")]) data.extraDomains); ++ concatLists (mapAttrsToList (name: root: [ "-d" (if root == null then name else "${name}:${root}")]) data.extraDomains);
@ -186,7 +186,7 @@ in
description = "timer for ACME cert renewal of ${cert}"; description = "timer for ACME cert renewal of ${cert}";
wantedBy = [ "timers.target" ]; wantedBy = [ "timers.target" ];
timerConfig = { timerConfig = {
OnCalendar = data.renewInterval; OnCalendar = cfg.renewInterval;
Unit = "acme-simp_le-${cert}.service"; Unit = "acme-simp_le-${cert}.service";
}; };
}) })