···

       
80
       
80
       
 
       
  ./programs/xfs_quota.nix

     

       
81
       
81
       
 
       
  ./programs/zsh/zsh.nix

     

       
82
       
82
       
 
       
  ./rename.nix

     

       
83
       
83
       
+
       
  ./security/acme.nix

     

       
83
       
84
       
 
       
  ./security/apparmor.nix

     

       
84
       
85
       
 
       
  ./security/apparmor-suid.nix

     

       
85
       
86
       
 
       
  ./security/ca.nix

     
···

       
388
       
389
       
 
       
  ./services/security/hologram.nix

     

       
389
       
390
       
 
       
  ./services/security/munge.nix

     

       
390
       
391
       
 
       
  ./services/security/physlock.nix

     

       
391
       
391
       
-
       
  ./services/security/simp_le.nix

     

       
392
       
392
       
 
       
  ./services/security/torify.nix

     

       
393
       
393
       
 
       
  ./services/security/tor.nix

     

       
394
       
394
       
 
       
  ./services/security/torsocks.nix

     

···

       
4
       
4
       
 
       


     

       
5
       
5
       
 
       
let

     

       
6
       
6
       
 
       


     

       
7
       
7
       
-
       
  cfg = config.services.simp_le;

     

       
7
       
7
       
+
       
  cfg = config.security.acme;

     

       
8
       
8
       
 
       


     

       
9
       
9
       
 
       
  certOpts = { ... }: {

     

       
10
       
10
       
 
       
    options = {

     
···

       
40
       
40
       
 
       
      user = mkOption {

     

       
41
       
41
       
 
       
        type = types.str;

     

       
42
       
42
       
 
       
        default = "root";

     

       
43
       
43
       
-
       
        description = "User under which simp_le would run.";

     

       
43
       
43
       
+
       
        description = "User running the ACME client.";

     

       
44
       
44
       
 
       
      };

     

       
45
       
45
       
 
       


     

       
46
       
46
       
 
       
      group = mkOption {

     

       
47
       
47
       
 
       
        type = types.str;

     

       
48
       
48
       
 
       
        default = "root";

     

       
49
       
49
       
-
       
        description = "Group under which simp_le would run.";

     

       
49
       
49
       
+
       
        description = "Group running the ACME client.";

     

       
50
       
50
       
 
       
      };

     

       
51
       
51
       
 
       


     

       
52
       
52
       
 
       
      postRun = mkOption {

     
···

       
95
       
95
       
 
       
  ###### interface

     

       
96
       
96
       
 
       


     

       
97
       
97
       
 
       
  options = {

     

       
98
       
98
       
-
       
    services.simp_le = {

     

       
98
       
98
       
+
       
    security.acme = {

     

       
99
       
99
       
 
       
      directory = mkOption {

     

       
100
       
100
       
-
       
        default = "/var/lib/simp_le";

     

       
100
       
100
       
+
       
        default = "/var/lib/acme";

     

       
101
       
101
       
 
       
        type = types.str;

     

       
102
       
102
       
 
       
        description = ''

     

       
103
       
103
       
 
       
          Directory where certs and other state will be stored by default.

     
···

       
138
       
138
       
 
       
                  ++ concatLists (mapAttrsToList (name: root: [ "-d" (if root == null then name else "${name}:${root}")]) data.extraDomains);

     

       
139
       
139
       
 
       


     

       
140
       
140
       
 
       
      in nameValuePair

     

       
141
       
141
       
-
       
      ("simp_le-${cert}")

     

       
141
       
141
       
+
       
      ("acme-${cert}")

     

       
142
       
142
       
 
       
      ({

     

       
143
       
143
       
-
       
        description = "simp_le cert renewal for ${cert}";

     

       
143
       
143
       
+
       
        description = "ACME cert renewal for ${cert} using simp_le";

     

       
144
       
144
       
 
       
        after = [ "network.target" ];

     

       
145
       
145
       
 
       
        serviceConfig = {

     

       
146
       
146
       
 
       
          Type = "oneshot";

     
···

       
177
       
177
       
 
       
    );

     

       
178
       
178
       
 
       


     

       
179
       
179
       
 
       
    systemd.timers = flip mapAttrs' cfg.certs (cert: data: nameValuePair

     

       
180
       
180
       
-
       
      ("simp_le-${cert}")

     

       
180
       
180
       
+
       
      ("acme-${cert}")

     

       
181
       
181
       
 
       
      ({

     

       
182
       
182
       
-
       
        description = "timer for simp_le cert renewal of ${cert}";

     

       
182
       
182
       
+
       
        description = "timer for ACME cert renewal of ${cert}";

     

       
183
       
183
       
 
       
        wantedBy = [ "timers.target" ];

     

       
184
       
184
       
 
       
        timerConfig = {

     

       
185
       
185
       
 
       
          OnCalendar = data.renewInterval;

     

       
186
       
186
       
-
       
          Unit = "simp_le-${cert}.service";

     

       
186
       
186
       
+
       
          Unit = "acme-simp_le-${cert}.service";

     

       
187
       
187
       
 
       
        };

     

       
188
       
188
       
 
       
      })

     

       
189
       
189
       
 
       
    );