services.nginx.https: allow custom TLS certificate

陈浩南 2023-12-17 21:42:57 +08:00
parent 59b053886b
commit b8abc4a326


@ -94,6 +94,7 @@ inputs:
default = null;
};
rewriteHttps = mkOption { type = types.bool; default = true; };
tlsCert = mkOption { type = types.nullOr types.nonEmptyStr; default = null; };
};
listen = mkOption
{
@ -547,7 +548,11 @@ inputs:
# do not automatically add http2 listen
http2 = false;
onlySSL = true;
useACMEHost = site.name;
useACMEHost = mkIf (site.value.global.tlsCert == null) site.name;
sslCertificate = mkIf (site.value.global.tlsCert != null)
"${site.value.global.tlsCert}/fullchain.pem";
sslCertificateKey = mkIf (site.value.global.tlsCert != null)
"${site.value.global.tlsCert}/privkey.pem";
locations = listToAttrs (map
(location:
{
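Review bot: The new `tlsCert` option in the first hunk is declared without a `description`, yet the second hunk requires it to be a directory holding `fullchain.pem` and `privkey.pem`. Because the value is interpolated into `sslCertificateKey`, a string that resolves into the Nix store (for example one built from a path literal) would leave the private key in the world-readable store, so the option text should say the directory must be a runtime path outside the store and readable by the nginx user. I would add `description = "Directory with fullchain.pem and privkey.pem; a runtime path outside the Nix store, readable by nginx.";` to the `mkOption` call. Whether an ACME certificate is still requested for a site that sets `tlsCert` depends on code outside these hunks and is worth checking.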