mirror/nixpkgs
1
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-09-29 15:43:00 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

nixos/acme: rename option credentialsFile to environmentFile

Browse Source
This commit is contained in:
datafoo 2023-07-21 16:01:48 +02:00 committed by Anderson Torres
parent 5f105f8778
commit ade414b6c7
3 changed files with 11 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
nixos/modules/security/acme/default.md
View File

@ -189,7 +189,7 @@ security.acme.defaults.email = "admin+acme@example.com";
security.acme.certs."example.com" = {
domain = "*.example.com";
dnsProvider = "rfc2136";
credentialsFile = "/var/lib/secrets/certs.secret";
environmentFile = "/var/lib/secrets/certs.secret";
# We don't need to wait for propagation since this is a local DNS server
dnsPropagationCheck = false;
};
@ -256,7 +256,7 @@ security.acme.acceptTerms = true;
security.acme.defaults.email = "admin+acme@example.com";
security.acme.defaults = {
dnsProvider = "rfc2136";
credentialsFile = "/var/lib/secrets/certs.secret";
environmentFile = "/var/lib/secrets/certs.secret";
# We don't need to wait for propagation since this is a local DNS server
dnsPropagationCheck = false;
};

12
nixos/modules/security/acme/default.nix
View File

@ -362,8 +362,8 @@ let
"/var/lib/acme/.lego/${cert}/${certDir}:/tmp/certificates"
];
# Only try loading the credentialsFile if the dns challenge is enabled
EnvironmentFile = mkIf useDns data.credentialsFile;
# Only try loading the environmentFile if the dns challenge is enabled
EnvironmentFile = mkIf useDns data.environmentFile;
Environment = mkIf useDns
(mapAttrsToList (k: v: ''"${k}=%d/${k}"'') data.credentialFiles);
@ -502,6 +502,10 @@ let
defaultText = if isDefaults then default else literalExpression "config.security.acme.defaults.${name}";
};
in {
imports = [
(mkRenamedOptionModule [ "credentialsFile" ] [ "environmentFile" ])
];
options = {
validMinDays = mkOption {
type = types.int;
@ -613,9 +617,9 @@ let
'';
};
credentialsFile = mkOption {
environmentFile = mkOption {
type = types.nullOr types.path;
inherit (defaultAndText "credentialsFile" null) default defaultText;
inherit (defaultAndText "environmentFile" null) default defaultText;
description = lib.mdDoc ''
Path to an EnvironmentFile for the cert's service containing any required and
optional environment variables for your selected dnsProvider.

2
nixos/tests/acme.nix
View File

@ -18,7 +18,7 @@
dnsConfig = nodes: {
dnsProvider = "exec";
dnsPropagationCheck = false;
credentialsFile = pkgs.writeText "wildcard.env" ''
environmentFile = pkgs.writeText "wildcard.env" ''
EXEC_PATH=${dnsScript nodes}
EXEC_POLLING_INTERVAL=1
EXEC_PROPAGATION_TIMEOUT=1