public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

security.acme: default name value via module system (#34388)

Browse Source
This commit is contained in:
Joachim Schiele 2018-02-06 22:08:57 +01:00 committed by zimbatm
parent c9d1bf3e76
commit edeacd00ad
1 changed files with 7 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
nixos/modules/security/acme.nix
View File

@ -6,10 +6,11 @@ let
cfg = config.security.acme; cfg = config.security.acme;
certOpts = { ... }: { certOpts = { name, ... }: {
options = { options = {
webroot = mkOption { webroot = mkOption {
type = types.str; type = types.str;
example = "/var/lib/acme/acme-challenges";
description = '' description = ''
Where the webroot of the HTTP vhost is located. Where the webroot of the HTTP vhost is located.
<filename>.well-known/acme-challenge/</filename> directory <filename>.well-known/acme-challenge/</filename> directory
@ -20,8 +21,8 @@ let
}; };
domain = mkOption { domain = mkOption {
type = types.nullOr types.str; type = types.str;
default = null; default = name;
description = "Domain to fetch certificate for (defaults to the entry name)"; description = "Domain to fetch certificate for (defaults to the entry name)";
}; };
@ -48,7 +49,7 @@ let
default = false; default = false;
description = '' description = ''
Give read permissions to the specified group Give read permissions to the specified group
(<option>security.acme.group</option>) to read SSL private certificates. (<option>security.acme.cert.<name>.group</option>) to read SSL private certificates.
''; '';
}; };
@ -87,7 +88,7 @@ let
} }
''; '';
description = '' description = ''
Extra domain names for which certificates are to be issued, with their A list of extra domain names, which are included in the one certificate to be issued, with their
own server roots if needed. own server roots if needed.
''; '';
}; };
@ -193,10 +194,9 @@ in
servicesLists = mapAttrsToList certToServices cfg.certs; servicesLists = mapAttrsToList certToServices cfg.certs;
certToServices = cert: data: certToServices = cert: data:
let let
domain = if data.domain != null then data.domain else cert;
cpath = "${cfg.directory}/${cert}"; cpath = "${cfg.directory}/${cert}";
rights = if data.allowKeysForGroup then "750" else "700"; rights = if data.allowKeysForGroup then "750" else "700";
cmdline = [ "-v" "-d" domain "--default_root" data.webroot "--valid_min" cfg.validMin "--tos_sha256" cfg.tosHash ] cmdline = [ "-v" "-d" data.domain "--default_root" data.webroot "--valid_min" cfg.validMin "--tos_sha256" cfg.tosHash ]
++ optionals (data.email != null) [ "--email" data.email ] ++ optionals (data.email != null) [ "--email" data.email ]
++ concatMap (p: [ "-f" p ]) data.plugins ++ concatMap (p: [ "-f" p ]) data.plugins
++ concatLists (mapAttrsToList (name: root: [ "-d" (if root == null then name else "${name}:${root}")]) data.extraDomains) ++ concatLists (mapAttrsToList (name: root: [ "-d" (if root == null then name else "${name}:${root}")]) data.extraDomains)