modules: services: nginx: use 'credentialsFile'

In preparation for the migration to agenix.
This commit is contained in:
Bruno BELANYI 2021-09-25 13:24:23 +02:00
parent ba10af0644
commit ca5e5a53cd
2 changed files with 14 additions and 2 deletions

View file

@ -106,6 +106,9 @@ in
};
nginx = {
enable = true;
acme = {
credentialsFile = builtins.toFile "gandi-key.env" my.secrets.acme.key;
};
};
paperless = {
enable = true;

View file

@ -60,6 +60,16 @@ in
options.my.services.nginx = with lib; {
enable = mkEnableOption "Nginx";
acme = {
credentialsFile = mkOption {
type = types.str;
example = "/var/lib/acme/creds.env";
description = ''
Gandi API key file as an 'EnvironmentFile' (see `systemd.exec(5)`)
'';
};
};
monitoring = {
enable = my.mkDisableOption "monitoring through grafana and prometheus";
};
@ -330,14 +340,13 @@ in
certs =
let
domain = config.networking.domain;
key = config.my.secrets.acme.key;
in
with pkgs;
{
"${domain}" = {
extraDomainNames = [ "*.${domain}" ];
dnsProvider = "gandiv5";
credentialsFile = writeText "key.env" key; # Unsecure, I don't care.
inherit (cfg.acme) credentialsFile;
};
};
};