permafrost/modules/nginx.nix
2024-12-27 13:42:09 -08:00


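# NixOS module for the permafrost nginx host.
#
# When `permafrost.nginx.enable` is set it turns on nginx, accepts the ACME
# terms and opens TCP 80/443 in the firewall. When `enableACME` is also set
# it declares an ACME certificate named "permafrost".
{ lib, config, ... }:
let
  cfg = config.permafrost.nginx;
in
{
  options.permafrost.nginx = {
    enable = lib.mkEnableOption "nginx nixos module";
    enableACME = lib.mkEnableOption "acme cert generation and use";

    # Fixed: this was declared with `lib.mkOptions`, which nixpkgs' lib does
    # not provide, so the module could not evaluate. `lib.mkOption` is the
    # declaration function used by the sibling option below.
    certDomains = lib.mkOption {
      description = "additional domains to register with the ACME cert";
      default = [ ];
      type = with lib.types; listOf str;
    };

    # Defaults to true: unless a host explicitly sets this to false, the
    # certificate comes from the Let's Encrypt staging CA, which clients do
    # not trust. Production deployments must opt out of staging.
    useStagingServer = lib.mkOption {
      description = "use the letsencrypt staging server";
      default = true;
      type = with lib.types; bool;
    };
  };

  config = lib.mkIf cfg.enable {
    services.nginx.enable = true;

    # Applied whenever the module is enabled, including when enableACME is
    # off and no certificate is requested.
    security.acme.acceptTerms = true;

    security.acme.certs.permafrost = lib.mkIf cfg.enableACME {
      email = "Zynh0722@gmail.com";
      domain = "scarlet.zynh.me";
      renewInterval = "weekly";
      # Staging endpoint when requested; otherwise whatever directory URL
      # `security.acme.defaults.server` resolves to on this host.
      server =
        if cfg.useStagingServer
        then "https://acme-staging-v02.api.letsencrypt.org/directory"
        else config.security.acme.defaults.server;
      extraDomainNames = cfg.certDomains;
      # NOTE(review): no challenge method (webroot / dnsProvider /
      # listenHTTP) is set here, and nothing in this file points an nginx
      # virtualHost at this certificate. Presumably both are configured
      # elsewhere (e.g. security.acme.defaults, a useACMEHost entry) - confirm.
    };

    # Both ports are opened whenever the module is enabled, regardless of
    # enableACME or of which virtual hosts exist.
    networking.firewall.allowedTCPPorts = [ 80 443 ];
  };
}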