feat: Add nginx module
Change-Id: I34fbb926c4b7eab344c1c14de4e4b5f82c6c30eb
Reviewed-on: https://git.clicks.codes/c/Infra/NixFiles/+/785
Reviewed-by: Samuel Shuert <coded@clicks.codes>
Tested-by: Skyler Grey <minion@clicks.codes>
diff --git a/modules/nixos/clicks/security/acme/default.nix b/modules/nixos/clicks/security/acme/default.nix
index 655e39f..7acb887 100644
--- a/modules/nixos/clicks/security/acme/default.nix
+++ b/modules/nixos/clicks/security/acme/default.nix
@@ -11,16 +11,33 @@
options.clicks.security.acme = {
enable = lib.mkEnableOption "Acme defaults";
- email = lib.mkOption {
- type = lib.types.str;
- default = "";
- description = "Email address to use for Let's Encrypt registration.";
- };
-
staging = lib.mkOption {
type = lib.types.bool;
default = false;
- description = "Use the Let's Encrypt staging server.";
+ description = "Use the Let's Encrypt staging server";
+ };
+
+ defaults = {
+ email = lib.mkOption {
+ type = lib.types.nullOr lib.types.str;
+ default = null;
+ description = "Email address to use for Let's Encrypt registration";
+ };
+
+ dnsProvider = lib.mkOption {
+ type = lib.types.nullOr lib.types.str;
+ description = "Default provider for getting web certificates";
+ default = config.clicks.services.nginx.defaultDnsProvider;
+ };
+
+ environmentFile = lib.mkOption {
+ type = lib.types.nullOr lib.types.str;
+ default =
+ if config.clicks.security.acme.defaults.dnsProvider == null
+ then null
+ else throw "config.clicks.security.acme: You should provide an environment file default (or explicitly set to null) if you are using a DNS provider";
+ description = "Environment file containing DNS provider credentials";
+ };
};
};
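Review bot: The new `defaults.environmentFile` option holds DNS provider credentials, but its description does not say the value must be a runtime path outside the Nix store. A string built by interpolating a path literal still satisfies `nullOr str`, and it would copy the secrets into the world-readable store. I would change the description to `description = "Path to an environment file containing DNS provider credentials; must be a runtime path outside the Nix store";`. Separately, the `dnsProvider` default reads `config.clicks.services.nginx.defaultDnsProvider`, which is not defined in this hunk, so this module presumably only evaluates when the nginx module from the same commit is also imported. A short comment on that line stating the dependency would help.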
@@ -29,7 +46,7 @@
acceptTerms = true;
defaults = {
- inherit (cfg) email;
+ inherit (cfg.defaults) email dnsProvider environmentFile;
group = lib.mkIf config.services.nginx.enable "nginx";
server = lib.mkIf cfg.staging "https://acme-staging-v02.api.letsencrypt.org/directory";