nginx: certs

This commit is contained in:
Zynh Ludwig 2024-12-27 06:58:10 -08:00
parent 75e970e330
commit 5812f0c85e


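--- a/<path not shown on page>
+++ b/<path not shown on page>
@@ -6,12 +6,36 @@ in
 {
   options.permafrost.nginx = {
     enable = lib.mkEnableOption "nginx nixos module";
+    enableACME = lib.mkEnableOption "acme cert generation and use";
+    certDomains = lib.mkOptions {
+      description = "additional domains to register with the ACME cert";
+      default = [ ];
+      type = with lib.types; listOf str;
+    };
+    useStagingServer = lib.mkOption {
+      description = "use the letsencrypt staging server";
+      default = true;
+      type = with lib.types; bool;
+    };
   };
   config = lib.mkIf cfg.enable {
     services.nginx.enable = true;
     security.acme.acceptTerms = true;
     # TODO: security.acme.certs + services.nginx.virtualHosts.<name>.useACMEHost
+    security.acme.certs.permafrost = lib.mkIf cfg.enableACME {
+      email = "Zynh0722@gmail.com";
+      domain = "scarlet.zynh.me";
+      renewInterval = "weekly";
+      server =
+        if cfg.useStagingServer
+        then "https://acme-staging-v02.api.letsencrypt.org/directory"
+        else config.security.acme.defaults.server;
+      extraDomainNames = cfg.certDomains;
+    };
     networking.firewall.allowedTCPPorts = [ 80 443 ];
   };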
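Review bot: `certDomains = lib.mkOptions {` will fail evaluation, since nixpkgs `lib` has `mkOption` (as used for `useStagingServer` a few lines below) but no `mkOptions`; the line should read `certDomains = lib.mkOption {`. The new `security.acme.certs.permafrost` block also declares the certificate without setting its `group`, and nothing in the hunk wires it into a virtual host via `useACMEHost` (the TODO above it still applies), so nginx may end up unable to read the key material under the ACME module's default ownership — consider adding `group = "nginx";` to the cert and confirming against the nixpkgs ACME/nginx module documentation. Because `useStagingServer` defaults to `true`, a host that enables ACME without overriding it gets a staging certificate that browsers will not trust; the option description should say so, e.g. `description = "use the letsencrypt staging server (issues untrusted test certificates; set to false for production)";`. The hard-coded `email` and `domain` would be cleaner as options alongside `certDomains` so the module can be reused on another host. The enclosing module expression begins before this hunk.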