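# Thin wrapper around NixOS `security.acme` for DNS-01 validation through the
# Cloudflare DNS API.
#
# Every entry of `nixos.services.acme.cert` becomes one `security.acme.certs`
# entry named after its first domain; any further domains become extra SANs.
# The Cloudflare API token is never written to the world-readable Nix store:
# sops-nix renders it into a lego credentials file outside the store and only
# that file's path is handed to the acme module.
inputs:
{
  options.nixos.services.acme = let inherit (inputs.lib) mkOption types; in mkOption
  {
    # `null` (the default) leaves `security.acme` and the sops secret untouched.
    type = types.nullOr (types.submodule { options =
    {
      cert = mkOption
      {
        type = types.attrsOf (types.submodule (submoduleInputs: { options =
        {
          # Domains covered by this certificate.  The first one is the
          # certificate's primary name (and hence its `security.acme.certs`
          # key); the rest are added as extra SANs.  Defaults to the attribute
          # name the cert was declared under.
          domains = mkOption
          {
            type = types.nonEmptyListOf types.nonEmptyStr;
            default = [ submoduleInputs.config._module.args.name ];
            description = "Domains to put on the certificate; the first one is its primary name.";
          };
          # Unix group given read access to the issued key and certificate;
          # `null` keeps the acme module's default.
          group = mkOption
          {
            type = types.nullOr types.nonEmptyStr;
            default = null;
            description = "Group with read access to the certificate files, or null for the acme default.";
          };
        };}));
        default = {};
        description = "Certificates to obtain, keyed by an identifier that doubles as the domain when `domains` is unset.";
      };
    };});
    default = null;
    description = "ACME certificates obtained through Cloudflare DNS-01 validation, or null to disable.";
  };

  config =
    let
      inherit (inputs.config.nixos.services) acme;
      inherit (inputs.lib) mkIf unique;
      # One `{ name; value; }` pair per configured cert, in `security.acme.certs`
      # shape.  The attribute name under `acme.cert` only serves as the default
      # domain: the cert itself is keyed by its first domain so the on-disk
      # certificate directory is named after the primary domain.
      certList = builtins.map
        (cert:
        {
          name = builtins.elemAt cert.value.domains 0;
          value =
          {
            # Path of the sops-rendered lego credentials file (see
            # `sops.templates` below), so the token stays out of the Nix store.
            # NOTE(review): sops templates are root-owned 0400 by default; this
            # relies on the acme service loading credentialsFile before it drops
            # to the `acme` user -- confirm if the unit fails to read it.
            credentialsFile = inputs.config.sops.templates."acme/cloudflare.ini".path;
            # `domains` is non-empty, so `tail` is safe and yields `[]` for a
            # single-domain cert.
            extraDomainNames = builtins.tail cert.value.domains;
            group = mkIf (cert.value.group != null) cert.value.group;
          };
        })
        (inputs.localLib.attrsToList acme.cert);
      certNames = builtins.map (cert: cert.name) certList;
    in mkIf (acme != null)
  {
    # `builtins.listToAttrs` silently keeps only one entry per name, so two
    # certs that share a primary domain would collapse into one without any
    # warning.  Fail evaluation instead of issuing the wrong certificate.
    assertions =
    [
      {
        assertion = certNames == unique certNames;
        message = "nixos.services.acme: several certs share the same primary domain: ${builtins.toString certNames}";
      }
    ];

    security.acme =
    {
      acceptTerms = true;
      defaults =
      {
        email = "chn@chn.moe";
        dnsProvider = "cloudflare";
        # Resolver lego uses for its DNS-01 checks; presumably set to
        # Cloudflare's own resolver so a local caching resolver cannot serve a
        # stale TXT record -- confirm against the lego docs before changing.
        dnsResolver = "1.1.1.1";
      };
      certs = builtins.listToAttrs certList;
    };

    sops =
    {
      # lego credentials file for the cloudflare provider, rendered by sops-nix
      # with the real token substituted for the placeholder.
      # NOTE(review): least privilege -- the secret should be an API token
      # scoped to DNS:Edit on only the zones being validated, never the global
      # API key, since anything able to read this file can rewrite those zones.
      templates."acme/cloudflare.ini".content =
      ''
        CLOUDFLARE_DNS_API_TOKEN=${inputs.config.sops.placeholder."acme/token"}
        CLOUDFLARE_PROPAGATION_TIMEOUT=300
      '';
      secrets."acme/token" = {};
    };
  };
}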