modules: services: nginx: use 'credentialsFile'

In preparation for the migration to agenix.
Bruno BELANYI 2021-09-25 13:24:23 +02:00
parent 7d37701811
commit 16d3cd9f81
2 changed files with 14 additions and 2 deletions


@ -106,6 +106,9 @@ in
}; };
nginx = { nginx = {
enable = true; enable = true;
acme = {
credentialsFile = builtins.toFile "gandi-key.env" my.secrets.acme.key;
};
}; };
paperless = { paperless = {
enable = true; enable = true;
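Review bot: `builtins.toFile "gandi-key.env" my.secrets.acme.key` on the added `credentialsFile` line still writes the Gandi API key into the Nix store, which every local user can read and which travels with any copy of the system closure. The same commit deletes the `# Unsecure, I don't care.` marker from the certs block, so nothing in the tree flags the exposure any more. Until the agenix migration lands, I would keep the caveat at this call site, for example `# FIXME: key ends up world-readable in /nix/store; switch to an agenix-managed path`. After the migration the value would presumably be a runtime path such as `config.age.secrets.<secret-name>.path`. The surrounding attribute set starts and ends outside this hunk.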


@ -60,6 +60,16 @@ in
options.my.services.nginx = with lib; { options.my.services.nginx = with lib; {
enable = mkEnableOption "Nginx"; enable = mkEnableOption "Nginx";
acme = {
credentialsFile = mkOption {
type = types.str;
example = "/var/lib/acme/creds.env";
description = ''
Gandi API key file as an 'EnvironmentFile' (see `systemd.exec(5)`)
'';
};
};
monitoring = { monitoring = {
enable = my.mkDisableOption "monitoring through grafana and prometheus"; enable = my.mkDisableOption "monitoring through grafana and prometheus";
}; };
@ -330,14 +340,13 @@ in
certs = certs =
let let
domain = config.networking.domain; domain = config.networking.domain;
key = config.my.secrets.acme.key;
in in
with pkgs; with pkgs;
{ {
"${domain}" = { "${domain}" = {
extraDomainNames = [ "*.${domain}" ]; extraDomainNames = [ "*.${domain}" ];
dnsProvider = "gandiv5"; dnsProvider = "gandiv5";
credentialsFile = writeText "key.env" key; # Unsecure, I don't care. inherit (cfg.acme) credentialsFile;
}; };
}; };
}; };
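Review bot: The `description` of the new `acme.credentialsFile` option says what the file contains but not where it may live, so a caller can pass a store path (as the host configuration in this commit does) with no hint that the key becomes world-readable. I would extend it with a line such as `Must be a runtime path outside the Nix store with restrictive permissions, as store contents are world-readable.` `types.str` suits that contract, since a string is not copied into the store the way a path literal would be. The option also has no `default`, so if it is read whenever the module is enabled, hosts that enable it without setting the value will fail evaluation. The `config` section continues outside these hunks, so that last point is unconfirmed.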