# SPDX-FileCopyrightText: 2024 Auxolotl Infrastructure Contributors
# SPDX-FileCopyrightText: 2024 Clicks Codes
#
# SPDX-License-Identifier: GPL-3.0-only
{ lib, config, ... }:
let
  inherit (lib) mkEnableOption mkIf mkOption optional types;
  cfg = config.clicks.security.acme;
  nginxEnabled = config.services.nginx.enable;
in
{
  # Site-wide defaults for the NixOS ACME (Let's Encrypt) client.
  options.clicks.security.acme = {
    enable = mkEnableOption "Acme defaults";

    staging = mkOption {
      type = types.bool;
      default = false;
      description = "Use the Let's Encrypt staging server";
    };

    defaults = {
      email = mkOption {
        type = types.nullOr types.str;
        default = null;
        description = "Email address to use for Let's Encrypt registration";
      };

      dnsProvider = mkOption {
        type = types.nullOr types.str;
        # Falls back to the nginx module's provider; evaluating this default
        # therefore requires that option to be defined somewhere in the config.
        default = config.clicks.services.nginx.defaultDnsProvider;
        description = "Default provider for getting web certificates";
      };

      environmentFile = mkOption {
        # Kept as a string rather than a path on purpose: a path literal would
        # be copied into the world-readable Nix store together with the DNS
        # credentials it contains.
        type = types.nullOr types.str;
        # A DNS provider is unusable without credentials, so the default refuses
        # to evaluate instead of silently leaving them unset. Setting the option
        # explicitly (even to null) replaces this default and bypasses the throw.
        default =
          if cfg.defaults.dnsProvider == null then
            null
          else
            throw "config.clicks.security.acme: You should provide an environment file default (or explicitly set to null) if you are using a DNS provider";
        description = "Environment file containing DNS provider credentials";
      };
    };
  };

  config = mkIf cfg.enable {
    security.acme = {
      acceptTerms = true;
      defaults = {
        inherit (cfg.defaults) email dnsProvider environmentFile;
        # Let the nginx worker read the issued certificates.
        group = mkIf nginxEnabled "nginx";
        # Staging issues untrusted certificates but has relaxed rate limits.
        server = mkIf cfg.staging "https://acme-staging-v02.api.letsencrypt.org/directory";
        # Reload nginx when certs change.
        reloadServices = optional nginxEnabled "nginx.service";
      };
    };
  };
}