nixos/modules/services/acme.nix

inputs:
{
  options.nixos.services.acme = let inherit (inputs.lib) mkOption types; in
  {
    enable = mkOption { type = types.bool; default = false; };
    cert = mkOption
    {
      type = types.attrsOf (types.submodule (submoduleInputs: { options =
      {
        domains = mkOption
        {
          type = types.nonEmptyListOf types.nonEmptyStr;
          default = [ submoduleInputs.config._module.args.name ];
        };
        group = mkOption { type = types.nullOr types.nonEmptyStr; default = null; };
      };}));
      default = {};
    };
  };
  config =
    let
      inherit (inputs.lib) mkIf;
      inherit (inputs.config.nixos.services) acme;
      inherit (builtins) map listToAttrs;
      inherit (inputs.localLib) attrsToList;
    in mkIf acme.enable
    {
      security.acme =
      {
        acceptTerms = true;
        defaults.email = "chn@chn.moe";
        certs = listToAttrs (map
          (cert:
          {
            name = builtins.elemAt cert.value.domains 0;
            value =
            {
              dnsResolver = "8.8.8.8";
              dnsProvider = "cloudflare";
              credentialsFile = inputs.config.sops.secrets."acme/cloudflare.ini".path;
              extraDomainNames = builtins.tail cert.value.domains;
              group = mkIf (cert.value.group != null) cert.value.group;
            };
          })
          (attrsToList acme.cert));
      };
      sops.secrets."acme/cloudflare.ini" = {};
    };
}
acme: allow multiple domains 2023-09-13 21:13:13 +08:00			`inputs:`
			`{`
			`options.nixos.services.acme = let inherit (inputs.lib) mkOption types; in`
			`{`
			`enable = mkOption { type = types.bool; default = false; };`
acme可以直接设置组 2023-11-08 23:18:19 +08:00			`cert = mkOption`
acme: allow multiple domains 2023-09-13 21:13:13 +08:00			`{`
可以编译通过 2023-11-09 23:04:28 +08:00			`type = types.attrsOf (types.submodule (submoduleInputs: { options =`
acme可以直接设置组 2023-11-08 23:18:19 +08:00			`{`
			`domains = mkOption`
			`{`
			`type = types.nonEmptyListOf types.nonEmptyStr;`
			`default = [ submoduleInputs.config._module.args.name ];`
			`};`
			`group = mkOption { type = types.nullOr types.nonEmptyStr; default = null; };`
可以编译通过 2023-11-09 23:04:28 +08:00			`};}));`
acme可以直接设置组 2023-11-08 23:18:19 +08:00			`default = {};`
acme: allow multiple domains 2023-09-13 21:13:13 +08:00			`};`
			`};`
			`config =`
			`let`
			`inherit (inputs.lib) mkIf;`
			`inherit (inputs.config.nixos.services) acme;`
			`inherit (builtins) map listToAttrs;`
acme可以直接设置组 2023-11-08 23:18:19 +08:00			`inherit (inputs.localLib) attrsToList;`
acme: allow multiple domains 2023-09-13 21:13:13 +08:00			`in mkIf acme.enable`
			`{`
			`security.acme =`
			`{`
			`acceptTerms = true;`
			`defaults.email = "chn@chn.moe";`
			`certs = listToAttrs (map`
			`(cert:`
			`{`
acme可以直接设置组 2023-11-08 23:18:19 +08:00			`name = builtins.elemAt cert.value.domains 0;`
acme: allow multiple domains 2023-09-13 21:13:13 +08:00			`value =`
			`{`
			`dnsResolver = "8.8.8.8";`
			`dnsProvider = "cloudflare";`
			`credentialsFile = inputs.config.sops.secrets."acme/cloudflare.ini".path;`
acme可以直接设置组 2023-11-08 23:18:19 +08:00			`extraDomainNames = builtins.tail cert.value.domains;`
			`group = mkIf (cert.value.group != null) cert.value.group;`
acme: allow multiple domains 2023-09-13 21:13:13 +08:00			`};`
			`})`
acme可以直接设置组 2023-11-08 23:18:19 +08:00			`(attrsToList acme.cert));`
acme: allow multiple domains 2023-09-13 21:13:13 +08:00			`};`
			`sops.secrets."acme/cloudflare.ini" = {};`
			`};`
			`}`