From b21b38c7711432473e775809d47b1f83b1694f20 Mon Sep 17 00:00:00 2001
From: Soispha <soispha@vhack.eu>
Date: Sat, 17 Jun 2023 21:40:13 +0200
Subject: Fix(system/services/acme): Add multiple domains

---
 system/services/acme/default.nix |  38 +++++++++++++++++++++++---------------
 system/services/acme/domains.nix | Bin 0 -> 130 bytes
 2 files changed, 23 insertions(+), 15 deletions(-)
 create mode 100644 system/services/acme/domains.nix

(limited to 'system/services/acme')

diff --git a/system/services/acme/default.nix b/system/services/acme/default.nix
index a163e77..0a0c4ce 100644
--- a/system/services/acme/default.nix
+++ b/system/services/acme/default.nix
@@ -1,11 +1,11 @@
-{...}: {
-  users.users.nginx.extraGroups = ["acme"];
+{lib, ...}: let
+  domains = import ./domains.nix {};
 
-  services.nginx = {
-    enable = true;
-    virtualHosts = {
-      "acmechallenge.vhack.eu" = {
-        serverAliases = ["*.vhack.eu"];
+  virtualHosts = builtins.listToAttrs (
+    builtins.map (domain_name: {
+      name = "acmechallenge.${domain_name}";
+      value = {
+        serverAliases = ["*.${domain_name}"];
         locations."/.well-known/acme-challenge" = {
           root = "/var/lib/acme/.challenges";
         };
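Review bot: `domains = import ./domains.nix {};` reads a file that this commit adds as a binary blob, which suggests it is encrypted or filtered in the repository, so evaluation presumably fails on any checkout where it has not been decrypted. Encryption also does not keep the names private: each one is interpolated into the nginx server names here, lands in plaintext in the generated configuration in the Nix store, and is published in Certificate Transparency logs once a certificate is issued. I would state the contract next to the import, for example `# domains.nix (encrypted in-repo) must evaluate to a list of domain strings; the names are not secret after build`, and fail early with `assert builtins.isList domains;`. The `let` block and the virtual-host attribute set continue outside this hunk.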
@@ -13,18 +13,26 @@
           return = "301 https://$host$request_uri";
         };
       };
-    };
+    })
+    domains
+  );
+  certs = lib.attrsets.genAttrs domains (
+    domain_name: {
+      webroot = "/var/lib/acme/.challenges";
+      group = "nginx";
+    }
+  );
+in {
+  users.users.nginx.extraGroups = ["acme"];
+
+  services.nginx = {
+    enable = true;
+    inherit virtualHosts;
   };
 
   security.acme = {
     acceptTerms = true;
     defaults.email = "admin@vhack.eu";
-    certs = {
-      "server1.vhack.eu" = {
-        webroot = "/var/lib/acme/.challenges";
-        group = "nginx";
-        extraDomainNames = ["imap.vhack.eu" "smtp.vhack.eu"];
-      };
-    };
+    inherit certs;
   };
 }
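Review bot: The new `certs = lib.attrsets.genAttrs domains (...)` requests a certificate for each `domain_name` itself, but the challenge vhost built in the first hunk is only named `acmechallenge.${domain_name}` with the alias `*.${domain_name}`, and neither matches the bare `domain_name`. The old cert `server1.vhack.eu` was covered by `*.vhack.eu`; now the HTTP-01 request for each cert name appears to be served only if this vhost happens to be nginx's default server on port 80, so another default vhost could make validation fail or answer the challenge path. Adding the name explicitly, `serverAliases = [domain_name "*.${domain_name}"];`, would remove that dependency. The commit also drops `extraDomainNames = ["imap.vhack.eu" "smtp.vhack.eu"]`, so unless domains.nix (not readable here) lists those hosts, the mail services lose coverage, and any consumer pointing at the `server1.vhack.eu` certificate directory needs that exact name to remain in the list.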
diff --git a/system/services/acme/domains.nix b/system/services/acme/domains.nix
new file mode 100644
index 0000000..8f0930d
Binary files /dev/null and b/system/services/acme/domains.nix differ
-- 
cgit 1.4.1