author | Soispha <soispha@vhack.eu> | 2023-06-17 21:40:13 +0200 |
---|---|---|
committer | Soispha <soispha@vhack.eu> | 2023-06-17 22:03:30 +0200 |
commit | b21b38c7711432473e775809d47b1f83b1694f20 (patch) | |
tree | 9f70f014965a7366ff058956c5534f57befd74ea | |
parent | Fix(system/services/nginx): Switch to git-sync (diff) | |
Fix(system/services/acme): Add multiple domains
-rw-r--r-- | .gitattributes | 1 | ||||
-rw-r--r-- | system/services/acme/default.nix | 38 | ||||
-rw-r--r-- | system/services/acme/domains.nix | bin | 0 -> 130 bytes |
3 files changed, 24 insertions, 15 deletions
diff --git a/.gitattributes b/.gitattributes
index a69acc8..80f5bb9 100644
--- a/.gitattributes
+++ b/.gitattributes
@@ -1,2 +1,3 @@
 system/mail/users.nix filter=git-crypt diff=git-crypt
 system/services/nginx/hosts.nix filter=git-crypt diff=git-crypt
+system/services/acme/domains.nix filter=git-crypt diff=git-crypt
diff --git a/system/services/acme/default.nix b/system/services/acme/default.nix
index a163e77..0a0c4ce 100644
--- a/system/services/acme/default.nix
+++ b/system/services/acme/default.nix
@@ -1,11 +1,11 @@
-{...}: {
- users.users.nginx.extraGroups = ["acme"];
+{lib, ...}: let
+ domains = import ./domains.nix {};
 
- services.nginx = {
- enable = true;
- virtualHosts = {
- "acmechallenge.vhack.eu" = {
- serverAliases = ["*.vhack.eu"];
+ virtualHosts = builtins.listToAttrs (
+ builtins.map (domain_name: {
+ name = "acmechallenge.${domain_name}";
+ value = {
+ serverAliases = ["*.${domain_name}"];
 locations."/.well-known/acme-challenge" = {
 root = "/var/lib/acme/.challenges";
 };
@@ -13,18 +13,26 @@
 return = "301 https://$host$request_uri";
 };
 };
- };
+ })
+ domains
+ );
+ certs = lib.attrsets.genAttrs domains (
+ domain_name: {
+ webroot = "/var/lib/acme/.challenges";
+ group = "nginx";
+ }
+ );
+in {
+ users.users.nginx.extraGroups = ["acme"];
+
+ services.nginx = {
+ enable = true;
+ inherit virtualHosts;
 };
 
 security.acme = {
 acceptTerms = true;
 defaults.email = "admin@vhack.eu";
- certs = {
- "server1.vhack.eu" = {
- webroot = "/var/lib/acme/.challenges";
- group = "nginx";
- extraDomainNames = ["imap.vhack.eu" "smtp.vhack.eu"];
- };
- };
+ inherit certs;
 };
 }
diff --git a/system/services/acme/domains.nix b/system/services/acme/domains.nix
new file mode 100644
index 0000000..8f0930d
--- /dev/null
+++ b/system/services/acme/domains.nix
Binary files differ |
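Review bot: The added `system/services/acme/domains.nix filter=git-crypt diff=git-crypt` entry keeps the domain list out of the repository only, and nothing in the file records that limit. The values are read at evaluation time and end up in the generated nginx and ACME configuration, which lives in the world-readable Nix store, and certificates issued by a publicly trusted CA are normally published in Certificate Transparency logs. I would add a comment above the entry, `# encrypted in the repo only: these names still reach /nix/store and public CT logs`, so the file is not later treated as a place for real secrets.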
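Review bot: `domains = import ./domains.nix {};` in the first default.nix hunk has no comment stating what the encrypted file must evaluate to, and a reader with a locked checkout cannot open it to find out. From its use here it has to be a function that takes an attribute set and returns a list of domain strings; on a checkout where git-crypt has not been unlocked the import would presumably fail with a parse error on ciphertext rather than a clear message. I would document the contract on that line, for example `# git-crypt encrypted; must evaluate to a function returning a list of domain strings`. The `let` block opened in this hunk continues into the next hunk.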
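Review bot: The generated `certs` in the second default.nix hunk give each entry only `webroot` and `group`, so every certificate covers just the bare `domain_name`, whereas the removed `"server1.vhack.eu"` entry also carried `extraDomainNames = ["imap.vhack.eu" "smtp.vhack.eu"]`. Whether `domains.nix` lists those hosts cannot be seen from the diff because the file is encrypted; if it does not, anything that reads the `server1.vhack.eu` certificate stops getting renewals and the mail names are no longer covered. The nginx hosts also answer for `*.${domain_name}` while no subdomain appears in any certificate. If the mail certificate is still needed, keep it explicit by replacing `inherit certs;` with `certs = certs // { "server1.vhack.eu" = { webroot = "/var/lib/acme/.challenges"; group = "nginx"; extraDomainNames = ["imap.vhack.eu" "smtp.vhack.eu"]; }; };`.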