commit ade414b6c7b9b5fe5cf69d4a1508973f7f4787f0 · pyrox.dev/nixpkgs

+2 -2

nixos/modules/security/acme/default.md

···

       189
        
       security.acme.certs."example.com" = {

     

       190
        
         domain = "*.example.com";

     

       191
        
         dnsProvider = "rfc2136";

     

       192
       -
         credentialsFile = "/var/lib/secrets/certs.secret";

     

       193
        
         # We don't need to wait for propagation since this is a local DNS server

     

       194
        
         dnsPropagationCheck = false;

     

       195
        
       };

     
···

       256
        
       security.acme.defaults.email = "admin+acme@example.com";

     

       257
        
       security.acme.defaults = {

     

       258
        
         dnsProvider = "rfc2136";

     

       259
       -
         credentialsFile = "/var/lib/secrets/certs.secret";

     

       260
        
         # We don't need to wait for propagation since this is a local DNS server

     

       261
        
         dnsPropagationCheck = false;

     

       262
        
       };

···

       189
        
       security.acme.certs."example.com" = {

     

       190
        
         domain = "*.example.com";

     

       191
        
         dnsProvider = "rfc2136";

     

       192
       +
         environmentFile = "/var/lib/secrets/certs.secret";

     

       193
        
         # We don't need to wait for propagation since this is a local DNS server

     

       194
        
         dnsPropagationCheck = false;

     

       195
        
       };

     
···

       256
        
       security.acme.defaults.email = "admin+acme@example.com";

     

       257
        
       security.acme.defaults = {

     

       258
        
         dnsProvider = "rfc2136";

     

       259
       +
         environmentFile = "/var/lib/secrets/certs.secret";

     

       260
        
         # We don't need to wait for propagation since this is a local DNS server

     

       261
        
         dnsPropagationCheck = false;

     

       262
        
       };

+8 -4

nixos/modules/security/acme/default.nix

···

       362
        
                 "/var/lib/acme/.lego/${cert}/${certDir}:/tmp/certificates"

     

       363
        
               ];

     

       364
        
       

     

       365
       -
               # Only try loading the credentialsFile if the dns challenge is enabled

     

       366
       -
               EnvironmentFile = mkIf useDns data.credentialsFile;

     

       367
        
       

     

       368
        
               Environment = mkIf useDns

     

       369
        
                 (mapAttrsToList (k: v: ''"${k}=%d/${k}"'') data.credentialFiles);

     
···

       502
        
             defaultText = if isDefaults then default else literalExpression "config.security.acme.defaults.${name}";

     

       503
        
           };

     

       504
        
         in {

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       505
        
           options = {

     

       506
        
             validMinDays = mkOption {

     

       507
        
               type = types.int;

     
···

       613
        
               '';

     

       614
        
             };

     

       615
        
       

     

       616
       -
             credentialsFile = mkOption {

     

       617
        
               type = types.nullOr types.path;

     

       618
       -
               inherit (defaultAndText "credentialsFile" null) default defaultText;

     

       619
        
               description = lib.mdDoc ''

     

       620
        
                 Path to an EnvironmentFile for the cert's service containing any required and

     

       621
        
                 optional environment variables for your selected dnsProvider.

···

       362
        
                 "/var/lib/acme/.lego/${cert}/${certDir}:/tmp/certificates"

     

       363
        
               ];

     

       364
        
       

     

       365
       +
               # Only try loading the environmentFile if the dns challenge is enabled

     

       366
       +
               EnvironmentFile = mkIf useDns data.environmentFile;

     

       367
        
       

     

       368
        
               Environment = mkIf useDns

     

       369
        
                 (mapAttrsToList (k: v: ''"${k}=%d/${k}"'') data.credentialFiles);

     
···

       502
        
             defaultText = if isDefaults then default else literalExpression "config.security.acme.defaults.${name}";

     

       503
        
           };

     

       504
        
         in {

     

       505
       +
           imports = [

     

       506
       +
             (mkRenamedOptionModule [ "credentialsFile" ] [ "environmentFile" ])

     

       507
       +
           ];

     

       508
       +
       

     

       509
        
           options = {

     

       510
        
             validMinDays = mkOption {

     

       511
        
               type = types.int;

     
···

       617
        
               '';

     

       618
        
             };

     

       619
        
       

     

       620
       +
             environmentFile = mkOption {

     

       621
        
               type = types.nullOr types.path;

     

       622
       +
               inherit (defaultAndText "environmentFile" null) default defaultText;

     

       623
        
               description = lib.mdDoc ''

     

       624
        
                 Path to an EnvironmentFile for the cert's service containing any required and

     

       625
        
                 optional environment variables for your selected dnsProvider.

+1 -1

nixos/tests/acme.nix

···

       18
        
         dnsConfig = nodes: {

     

       19
        
           dnsProvider = "exec";

     

       20
        
           dnsPropagationCheck = false;

     

       21
       -
           credentialsFile = pkgs.writeText "wildcard.env" ''

     

       22
        
             EXEC_PATH=${dnsScript nodes}

     

       23
        
             EXEC_POLLING_INTERVAL=1

     

       24
        
             EXEC_PROPAGATION_TIMEOUT=1

···

       18
        
         dnsConfig = nodes: {

     

       19
        
           dnsProvider = "exec";

     

       20
        
           dnsPropagationCheck = false;

     

       21
       +
           environmentFile = pkgs.writeText "wildcard.env" ''

     

       22
        
             EXEC_PATH=${dnsScript nodes}

     

       23
        
             EXEC_POLLING_INTERVAL=1

     

       24
        
             EXEC_PROPAGATION_TIMEOUT=1