Diffstat (limited to '')
-rw-r--r--system/services/acme/default.nix38
-rw-r--r--system/services/acme/domains.nixbin0 -> 130 bytes
2 files changed, 23 insertions, 15 deletions
diff --git a/system/services/acme/default.nix b/system/services/acme/default.nix
index a163e77..0a0c4ce 100644
--- a/system/services/acme/default.nix
+++ b/system/services/acme/default.nix
@@ -1,11 +1,11 @@
-{...}: {
-  users.users.nginx.extraGroups = ["acme"];
+{lib, ...}: let
+  domains = import ./domains.nix {};
 
-  services.nginx = {
-    enable = true;
-    virtualHosts = {
-      "acmechallenge.vhack.eu" = {
-        serverAliases = ["*.vhack.eu"];
+  virtualHosts = builtins.listToAttrs (
+    builtins.map (domain_name: {
+      name = "acmechallenge.${domain_name}";
+      value = {
+        serverAliases = ["*.${domain_name}"];
         locations."/.well-known/acme-challenge" = {
           root = "/var/lib/acme/.challenges";
         };
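Review bot: The alias `"*.${domain_name}"` on the generated vhost does not match `domain_name` itself, yet the `certs` added further down in this file are requested for the bare `domain_name`. The HTTP-01 request for that name therefore reaches `/.well-known/acme-challenge` only if nginx falls back to this vhost as its default server. If no other vhost already claims the bare name, `serverAliases = [domain_name "*.${domain_name}"];` would make the routing explicit instead of dependent on vhost ordering. The list is imported from `domains.nix`, which this commit adds as a binary (presumably encrypted) file, so a comment above the `import` stating the expected shape, such as `# domains.nix: function returning a list of FQDN strings`, would help reviewers who cannot read it. The `value` attrset continues past the end of this hunk.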
@@ -13,18 +13,26 @@
           return = "301 https://$host$request_uri";
         };
       };
-    };
+    })
+    domains
+  );
+  certs = lib.attrsets.genAttrs domains (
+    domain_name: {
+      webroot = "/var/lib/acme/.challenges";
+      group = "nginx";
+    }
+  );
+in {
+  users.users.nginx.extraGroups = ["acme"];
+
+  services.nginx = {
+    enable = true;
+    inherit virtualHosts;
   };
 
   security.acme = {
     acceptTerms = true;
     defaults.email = "admin@vhack.eu";
-    certs = {
-      "server1.vhack.eu" = {
-        webroot = "/var/lib/acme/.challenges";
-        group = "nginx";
-        extraDomainNames = ["imap.vhack.eu" "smtp.vhack.eu"];
-      };
-    };
+    inherit certs;
   };
 }
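Review bot: The generated `certs` entries carry no `extraDomainNames`, so `imap.vhack.eu` and `smtp.vhack.eu`, which the removed `server1.vhack.eu` certificate covered, are only still issued if `domains.nix` lists them individually. They would then be separate certificates under their own `/var/lib/acme/<name>` directories, so any mail service pointing at the old certificate path needs checking. This cannot be confirmed from the diff because `domains.nix` is committed as a binary file. Keeping the list opaque in the repository also does not keep the names private after deployment: they end up in the generated nginx configuration and, if a public CA is used, in Certificate Transparency logs. As a minor style point, the argument in `genAttrs` is unused and could be written `_: { ... }`.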
diff --git a/system/services/acme/domains.nix b/system/services/acme/domains.nix
new file mode 100644
index 0000000..8f0930d
--- /dev/null
+++ b/system/services/acme/domains.nix
Binary files differ