acme可以直接设置组

陈浩南 2023-11-08 23:18:19 +08:00
parent bc351ff0d4
commit 967f7f155e


@ -3,10 +3,18 @@ inputs:
options.nixos.services.acme = let inherit (inputs.lib) mkOption types; in
{
enable = mkOption { type = types.bool; default = false; };
certs = mkOption
cert = mkOption
{
type = types.listOf (types.oneOf [ types.nonEmptyStr (types.listOf types.nonEmptyStr) ]);
default = [];
type = types.attrsOf (types.submodule (submoduleInputs:
{
domains = mkOption
{
type = types.nonEmptyListOf types.nonEmptyStr;
default = [ submoduleInputs.config._module.args.name ];
};
group = mkOption { type = types.nullOr types.nonEmptyStr; default = null; };
}));
default = {};
};
};
config =
@ -14,6 +22,7 @@ inputs:
inherit (inputs.lib) mkIf;
inherit (inputs.config.nixos.services) acme;
inherit (builtins) map listToAttrs;
inherit (inputs.localLib) attrsToList;
in mkIf acme.enable
{
security.acme =
@ -23,16 +32,17 @@ inputs:
certs = listToAttrs (map
(cert:
{
name = if builtins.typeOf cert == "string" then cert else builtins.elemAt cert 0;
name = builtins.elemAt cert.value.domains 0;
value =
{
dnsResolver = "8.8.8.8";
dnsProvider = "cloudflare";
credentialsFile = inputs.config.sops.secrets."acme/cloudflare.ini".path;
extraDomainNames = if builtins.typeOf cert == "string" then [] else builtins.tail cert;
extraDomainNames = builtins.tail cert.value.domains;
group = mkIf (cert.value.group != null) cert.value.group;
};
})
acme.certs);
(attrsToList acme.cert));
};
sops.secrets."acme/cloudflare.ini" = {};
};
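Review bot: Two `cert` entries whose `domains` lists begin with the same name now map to one `security.acme.certs` key, because `name = builtins.elemAt cert.value.domains 0;` ignores the attribute key. `listToAttrs` keeps only the first of duplicate names, so the other entry's `group` and extra domains are dropped without an evaluation error. Assuming `attrsToList` yields `{ name, value }` pairs (its definition is not shown here), keying on the attribute name avoids this: `name = cert.name;` together with `domain = builtins.elemAt cert.value.domains 0;`, though that changes the certificate directory name for entries whose key differs from their first domain. The new `group` option also has no description; since the upstream module makes the key files group-readable, a comment such as `# members of this group can read the certificate's private key; null keeps the upstream default` would record why it should be set narrowly.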