about summary refs log tree commit diff
diff options
context:
space:
mode:
authorsefidel <contact@sefidel.net>2024-02-03 04:12:01 +0900
committersefidel <contact@sefidel.net>2024-02-03 04:12:01 +0900
commitea56024728e8ad502ddb3e05f7244fe57ca789e3 (patch)
treeb1d97150bb1b7e439718e1493f2ee6f61b60efdf
parentceca24e64a2d0aa452d6b0fe702eab303d6a83e6 (diff)
downloadnixrc-ea56024728e8ad502ddb3e05f7244fe57ca789e3.tar.gz
nixrc-ea56024728e8ad502ddb3e05f7244fe57ca789e3.zip
feat(modules): add acme
-rw-r--r--modules/services/acme.nix52
1 files changed, 52 insertions, 0 deletions
diff --git a/modules/services/acme.nix b/modules/services/acme.nix
new file mode 100644
index 0000000..b3ebb26
--- /dev/null
+++ b/modules/services/acme.nix
@@ -0,0 +1,52 @@
+{ config, lib, ... }:
+
+with lib;
+let
+  cfg = config.modules.services.acme;
+in
+{
+  options.modules.services.acme = {
+    enable = mkEnableOption "ACME certificate manager";
+    email = mkOption {
+      type = types.str;
+      description = mdDoc ''
+        The postmaster email address to use.
+      '';
+    };
+    certs = mkOption {
+      type = types.attrsOf
+        (types.submodule {
+          options = {
+            domain = mkOption {
+              type = types.nullOr types.str;
+              default = null;
+            };
+            subDomains = mkOption { type = types.listOf types.str; };
+          };
+        });
+    };
+    secrets.acme-credentials = mkOption { type = types.str; description = "path to the acme environment file"; };
+  };
+
+  config = mkIf cfg.enable {
+    security.acme = {
+      acceptTerms = true;
+      defaults.email = cfg.email;
+      certs = mapAttrs
+        (name: { domain, subDomains }: {
+          extraDomainNames = lists.forEach subDomains (elem: elem + ".${name}");
+        } // {
+          dnsProvider = "cloudflare";
+          dnsPropagationCheck = true;
+          credentialsFile = cfg.secrets.acme-credentials;
+        } // optionalAttrs (domain != null) {
+          domain = domain;
+        })
+        cfg.certs;
+    };
+
+    modules.persistence.directories = [
+      "/var/lib/acme"
+    ];
+  };
+}