modules: services: nginx: use 'credentialsFile'
In preparation for the migration to agenix.
This commit is contained in:
parent
7d37701811
commit
16d3cd9f81
|
@ -106,6 +106,9 @@ in
|
|||
};
|
||||
nginx = {
|
||||
enable = true;
|
||||
acme = {
|
||||
credentialsFile = builtins.toFile "gandi-key.env" my.secrets.acme.key;
|
||||
};
|
||||
};
|
||||
paperless = {
|
||||
enable = true;
|
||||
|
|
|
@ -60,6 +60,16 @@ in
|
|||
options.my.services.nginx = with lib; {
|
||||
enable = mkEnableOption "Nginx";
|
||||
|
||||
acme = {
|
||||
credentialsFile = mkOption {
|
||||
type = types.str;
|
||||
example = "/var/lib/acme/creds.env";
|
||||
description = ''
|
||||
Gandi API key file as an 'EnvironmentFile' (see `systemd.exec(5)`)
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
monitoring = {
|
||||
enable = my.mkDisableOption "monitoring through grafana and prometheus";
|
||||
};
|
||||
|
@ -330,14 +340,13 @@ in
|
|||
certs =
|
||||
let
|
||||
domain = config.networking.domain;
|
||||
key = config.my.secrets.acme.key;
|
||||
in
|
||||
with pkgs;
|
||||
{
|
||||
"${domain}" = {
|
||||
extraDomainNames = [ "*.${domain}" ];
|
||||
dnsProvider = "gandiv5";
|
||||
credentialsFile = writeText "key.env" key; # Unsecure, I don't care.
|
||||
inherit (cfg.acme) credentialsFile;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
Loading…
Reference in a new issue