nixos/modules/services/acme.nix

inputs:
{
  options.nixos.services.acme = let inherit (inputs.lib) mkOption types; in mkOption
  {
    type = types.nullOr (types.submodule { options =
    {
      cert = mkOption
      {
        type = types.attrsOf (types.submodule (submoduleInputs: { options =
        {
          domains = mkOption
            { type = types.nonEmptyListOf types.nonEmptyStr; default = [ submoduleInputs.config._module.args.name ]; };
          group = mkOption { type = types.nullOr types.nonEmptyStr; default = null; };
        };}));
        default = {};
      };
    };});
    default = null;
  };
  config = let inherit (inputs.config.nixos.services) acme; in inputs.lib.mkIf (acme != null)
  {
    security.acme =
    {
      acceptTerms = true;
      defaults =
      {
        email = "chn@chn.moe";
        dnsProvider = "cloudflare";
        dnsResolver = "1.1.1.1";
      };
      certs = builtins.listToAttrs (builtins.map
        (cert:
        {
          name = builtins.elemAt cert.value.domains 0;
          value =
          {
            credentialsFile = inputs.config.sops.templates."acme/cloudflare.ini".path;
            extraDomainNames = builtins.tail cert.value.domains;
            group = inputs.lib.mkIf (cert.value.group != null) cert.value.group;
          };
        })
        (inputs.localLib.attrsToList acme.cert));
    };
    sops =
    {
      templates."acme/cloudflare.ini".content =
      ''
        CLOUDFLARE_DNS_API_TOKEN=${inputs.config.sops.placeholder."acme/token"}
        CLOUDFLARE_PROPAGATION_TIMEOUT=300
      '';
      secrets."acme/token" = {};
    };
  };
}
acme: allow multiple domains 2023-09-13 21:13:13 +08:00			`inputs:`
			`{`
整理coturn acme 2024-03-23 00:43:44 +08:00			`options.nixos.services.acme = let inherit (inputs.lib) mkOption types; in mkOption`
acme: allow multiple domains 2023-09-13 21:13:13 +08:00			`{`
整理coturn acme 2024-03-23 00:43:44 +08:00			`type = types.nullOr (types.submodule { options =`
acme: allow multiple domains 2023-09-13 21:13:13 +08:00			`{`
整理coturn acme 2024-03-23 00:43:44 +08:00			`cert = mkOption`
acme可以直接设置组 2023-11-08 23:18:19 +08:00			`{`
整理coturn acme 2024-03-23 00:43:44 +08:00			`type = types.attrsOf (types.submodule (submoduleInputs: { options =`
			`{`
			`domains = mkOption`
			`{ type = types.nonEmptyListOf types.nonEmptyStr; default = [ submoduleInputs.config._module.args.name ]; };`
			`group = mkOption { type = types.nullOr types.nonEmptyStr; default = null; };`
			`};}));`
			`default = {};`
			`};`
			`};});`
			`default = null;`
acme: allow multiple domains 2023-09-13 21:13:13 +08:00			`};`
整理coturn acme 2024-03-23 00:43:44 +08:00			`config = let inherit (inputs.config.nixos.services) acme; in inputs.lib.mkIf (acme != null)`
			`{`
			`security.acme =`
acme: allow multiple domains 2023-09-13 21:13:13 +08:00			`{`
整理coturn acme 2024-03-23 00:43:44 +08:00			`acceptTerms = true;`
services.acme: fix 2024-04-18 21:58:40 +08:00			`defaults =`
			`{`
			`email = "chn@chn.moe";`
			`dnsProvider = "cloudflare";`
services.acme: fix 2024-05-08 11:51:14 +08:00			`dnsResolver = "1.1.1.1";`
services.acme: fix 2024-04-18 21:58:40 +08:00			`};`
整理coturn acme 2024-03-23 00:43:44 +08:00			`certs = builtins.listToAttrs (builtins.map`
			`(cert:`
			`{`
			`name = builtins.elemAt cert.value.domains 0;`
			`value =`
acme: allow multiple domains 2023-09-13 21:13:13 +08:00			`{`
services.acme: fix 2024-05-10 16:38:56 +08:00			`credentialsFile = inputs.config.sops.templates."acme/cloudflare.ini".path;`
整理coturn acme 2024-03-23 00:43:44 +08:00			`extraDomainNames = builtins.tail cert.value.domains;`
			`group = inputs.lib.mkIf (cert.value.group != null) cert.value.group;`
			`};`
			`})`
services.acme: fix 2024-03-24 13:55:47 +08:00			`(inputs.localLib.attrsToList acme.cert));`
acme: allow multiple domains 2023-09-13 21:13:13 +08:00			`};`
services.acme: fix 2024-05-10 16:38:56 +08:00			`sops =`
			`{`
			`templates."acme/cloudflare.ini".content =`
			`''`
			`CLOUDFLARE_DNS_API_TOKEN=${inputs.config.sops.placeholder."acme/token"}`
			`CLOUDFLARE_PROPAGATION_TIMEOUT=300`
			`'';`
			`secrets."acme/token" = {};`
			`};`
整理coturn acme 2024-03-23 00:43:44 +08:00			`};`
acme: allow multiple domains 2023-09-13 21:13:13 +08:00			`}`