author | sefidel <contact@sefidel.net> | 2024-02-03 04:12:01 +0900 |
---|---|---|
committer | sefidel <contact@sefidel.net> | 2024-02-03 04:12:01 +0900 |
commit | ea56024728e8ad502ddb3e05f7244fe57ca789e3 (patch) | |
tree | b1d97150bb1b7e439718e1493f2ee6f61b60efdf | |
parent | ceca24e64a2d0aa452d6b0fe702eab303d6a83e6 (diff) | |
download | nixrc-ea56024728e8ad502ddb3e05f7244fe57ca789e3.tar.gz nixrc-ea56024728e8ad502ddb3e05f7244fe57ca789e3.zip |
feat(modules): add acme
-rw-r--r-- | modules/services/acme.nix | 52 |
1 files changed, 52 insertions, 0 deletions
diff --git a/modules/services/acme.nix b/modules/services/acme.nix
new file mode 100644
index 0000000..b3ebb26
--- /dev/null
+++ b/modules/services/acme.nix
@@ -0,0 +1,52 @@
+{ config, lib, ... }:
+
+with lib;
+let
+ cfg = config.modules.services.acme;
+in
+{
+ options.modules.services.acme = {
+ enable = mkEnableOption "ACME certificate manager";
+ email = mkOption {
+ type = types.str;
+ description = mdDoc ''
+ The postmaster email address to use.
+ '';
+ };
+ certs = mkOption {
+ type = types.attrsOf
+ (types.submodule {
+ options = {
+ domain = mkOption {
+ type = types.nullOr types.str;
+ default = null;
+ };
+ subDomains = mkOption { type = types.listOf types.str; };
+ };
+ });
+ };
+ secrets.acme-credentials = mkOption { type = types.str; description = "path to the acme environment file"; };
+ };
+
+ config = mkIf cfg.enable {
+ security.acme = {
+ acceptTerms = true;
+ defaults.email = cfg.email;
+ certs = mapAttrs
+ (name: { domain, subDomains }: {
+ extraDomainNames = lists.forEach subDomains (elem: elem + ".${name}");
+ } // {
+ dnsProvider = "cloudflare";
+ dnsPropagationCheck = true;
+ credentialsFile = cfg.secrets.acme-credentials;
+ } // optionalAttrs (domain != null) {
+ domain = domain;
+ }) 
+ cfg.certs;
+ };
+
+ modules.persistence.directories = [
+ "/var/lib/acme"
+ ];
+ };
+}
|
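Review bot: The `secrets.acme-credentials` option is wired straight into `credentialsFile`, which the DNS provider reads for its API token, yet its description says nothing about where that file may live; a value that resolves into the Nix store would make the token world-readable on every machine that evaluates the closure, so the description should state the contract, e.g. `description = "Path to the ACME environment file holding the DNS provider credentials; must be a runtime path outside the Nix store, readable by the ACME service.";`. `certs` and `subDomains` have neither `default` nor `description`, so enabling the module without declaring at least one certificate appears to fail evaluation with an "option used but not defined" error rather than producing an empty set; `default = { };` and `default = [ ];` plus a short description would fix that. On style, the three chained `//` attrsets in the `mapAttrs` lambda can be one attrset with the `optionalAttrs` merged on the end, and `lists.forEach subDomains (elem: ...)` is more conventionally written with `map`.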