# SPDX-FileCopyrightText: 2024 Auxolotl Infrastructure Contributors
# SPDX-FileCopyrightText: 2024 Clicks Codes
#
# SPDX-License-Identifier: GPL-3.0-only
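{ lib, config, ... }:
# NixOS module: ACME (Let's Encrypt) defaults, configured under
# `clicks.security.acme`.
#
#   enable  - apply the defaults below to `security.acme`.
#   email   - account address copied into `security.acme.defaults.email`.
#   staging - point `security.acme.defaults.server` at the Let's Encrypt
#             staging directory instead of leaving the upstream default.
let
  cfg = config.clicks.security.acme;
  nginxEnabled = config.services.nginx.enable;
in
{
  options.clicks.security.acme = {
    enable = lib.mkEnableOption "Acme defaults";

    email = lib.mkOption {
      type = lib.types.str;
      # The empty default is only a placeholder; see the assertion in `config`.
      default = "";
      description = "Email address to use for Let's Encrypt registration.";
    };

    staging = lib.mkOption {
      type = lib.types.bool;
      default = false;
      description = "Use the Let's Encrypt staging server.";
    };
  };

  config = lib.mkIf cfg.enable {
    assertions = [
      {
        # `email` defaults to "", which is a defined (non-null) value and is
        # inherited into `security.acme.defaults.email` below. Reject it at
        # evaluation time as soon as any certificate is configured, instead of
        # handing an empty account address to the ACME client.
        # NOTE(review): upstream presumably only checks for a null email, so
        # "" would otherwise surface as a failure when the renewal unit runs
        # - confirm against the nixpkgs version in use.
        assertion = cfg.email != "" || config.security.acme.certs == { };
        message = "clicks.security.acme.email must be set to a non-empty address when ACME certificates are configured.";
      }
    ];

    security.acme = {
      # Enabling this module accepts the CA's terms of service for the host;
      # there is no separate opt-in.
      acceptTerms = true;

      defaults = {
        inherit (cfg) email;

        # Only defined when nginx is enabled; presumably so the nginx group
        # can read the issued key material. Anything else running in that
        # group gets the same access.
        group = lib.mkIf nginxEnabled "nginx";

        # With `staging = false` nothing is defined here and the upstream
        # default directory applies. Staging certificates are not publicly
        # trusted, so this switch is for testing issuance only.
        server = lib.mkIf cfg.staging "https://acme-staging-v02.api.letsencrypt.org/directory";

        # Reload nginx when certs change.
        reloadServices = lib.optional nginxEnabled "nginx.service";
      };
    };
  };
}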