From b21b38c7711432473e775809d47b1f83b1694f20 Mon Sep 17 00:00:00 2001
From: Soispha
Date: Sat, 17 Jun 2023 21:40:13 +0200
Subject: Fix(system/services/acme): Add multiple domains
---
 system/services/acme/default.nix | 38 +++++++++++++++++++++++---------------
 1 file changed, 23 insertions(+), 15 deletions(-)
(limited to 'system/services/acme/default.nix')
diff --git a/system/services/acme/default.nix b/system/services/acme/default.nix
index a163e77..0a0c4ce 100644
--- a/system/services/acme/default.nix
+++ b/system/services/acme/default.nix
@@ -1,11 +1,11 @@
-{...}: {
- users.users.nginx.extraGroups = ["acme"];
+{lib, ...}: let
+ domains = import ./domains.nix {};
 
- services.nginx = {
- enable = true;
- virtualHosts = {
- "acmechallenge.vhack.eu" = {
- serverAliases = ["*.vhack.eu"];
+ virtualHosts = builtins.listToAttrs (
+ builtins.map (domain_name: {
+ name = "acmechallenge.${domain_name}";
+ value = {
+ serverAliases = ["*.${domain_name}"];
 locations."/.well-known/acme-challenge" = {
 root = "/var/lib/acme/.challenges";
 };
@@ -13,18 +13,26 @@
 return = "301 https://$host$request_uri";
 };
 };
- };
+ })
+ domains
+ );
+ certs = lib.attrsets.genAttrs domains (
+ domain_name: {
+ webroot = "/var/lib/acme/.challenges";
+ group = "nginx";
+ }
+ );
+in {
+ users.users.nginx.extraGroups = ["acme"];
+
+ services.nginx = {
+ enable = true;
+ inherit virtualHosts;
 };
 
 security.acme = {
 acceptTerms = true;
 defaults.email = "admin@vhack.eu";
- certs = {
- "server1.vhack.eu" = {
- webroot = "/var/lib/acme/.challenges";
- group = "nginx";
- extraDomainNames = ["imap.vhack.eu" "smtp.vhack.eu"];
- };
- };
+ inherit certs;
 };
 }
-- 
cgit 1.4.1
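Review bot: The generated vhost answers for `acmechallenge.${domain_name}` and `*.${domain_name}`, but an nginx wildcard of that form does not match the bare `${domain_name}`, which is the name the second hunk requests certificates for through `genAttrs domains`. Unless another server block (not visible here) serves that name, HTTP-01 validation for it depends on whichever server nginx falls back to as the default, which is harder to reason about once several domains are listed. If the entries in `domains.nix` are apex names, consider `serverAliases = [domain_name "*.${domain_name}"];`, or add a comment above `virtualHosts` stating which hostnames each entry is expected to cover. The `let` binding continues past this hunk.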
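Review bot: The new `certs` set no longer contains the removed `"server1.vhack.eu"` certificate or its `extraDomainNames` (`imap.vhack.eu`, `smtp.vhack.eu`), so any service still reading that certificate would lose renewals unless it is defined elsewhere; this is worth confirming before deploying. Because `genAttrs` gives every domain the same `{ webroot; group; }` value, there is also no place left for per-domain SANs; letting `domains.nix` return attribute sets, or merging a per-domain override with `//`, would keep that possible. A short comment on `certs` noting that `group = "nginx"` makes each listed domain's private key readable by the nginx group would help the next reader judge what a compromise of the web server exposes.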