| Skyler Grey | f08a619 | 2024-06-01 23:55:20 +0000 | [diff] [blame] | 1 | # SPDX-FileCopyrightText: 2024 Auxolotl Infrastructure Contributors |
| 2 | # SPDX-FileCopyrightText: 2024 Clicks Codes |
| 3 | # |
| 4 | # SPDX-License-Identifier: GPL-3.0-only |
| 5 | |
| 6 | { lib, config, ... }: |
| 7 | let |
| 8 | cfg = config.clicks.security.acme; |
| 9 | in |
| 10 | { |
| 11 | options.clicks.security.acme = { |
| 12 | enable = lib.mkEnableOption "Acme defaults"; |
| 13 | |
| 14 | email = lib.mkOption { |
| 15 | type = lib.types.str; |
| 16 | default = ""; |
| 17 | description = "Email address to use for Let's Encrypt registration."; |
| 18 | }; |
| 19 | |
| 20 | staging = lib.mkOption { |
| 21 | type = lib.types.bool; |
| 22 | default = false; |
| 23 | description = "Use the Let's Encrypt staging server."; |
| 24 | }; |
| 25 | }; |
| 26 | |
| 27 | config = lib.mkIf cfg.enable { |
| 28 | security.acme = { |
| 29 | acceptTerms = true; |
| 30 | |
| 31 | defaults = { |
| 32 | inherit (cfg) email; |
| 33 | |
| 34 | group = lib.mkIf config.services.nginx.enable "nginx"; |
| 35 | server = lib.mkIf cfg.staging "https://acme-staging-v02.api.letsencrypt.org/directory"; |
| 36 | |
| 37 | # Reload nginx when certs change. |
| 38 | reloadServices = lib.optional config.services.nginx.enable "nginx.service"; |
| 39 | }; |
| 40 | }; |
| 41 | }; |
| 42 | } |