nixos/modules/security/acme/default.md +2 −2 @@ -189,7 +189,7 @@ security.acme.defaults.email = "admin+acme@example.com"; security.acme.certs."example.com" = { domain = "*.example.com"; dnsProvider = "rfc2136"; credentialsFile = "/var/lib/secrets/certs.secret"; environmentFile = "/var/lib/secrets/certs.secret"; # We don't need to wait for propagation since this is a local DNS server dnsPropagationCheck = false; }; @@ -256,7 +256,7 @@ security.acme.acceptTerms = true; security.acme.defaults.email = "admin+acme@example.com"; security.acme.defaults = { dnsProvider = "rfc2136"; credentialsFile = "/var/lib/secrets/certs.secret"; environmentFile = "/var/lib/secrets/certs.secret"; # We don't need to wait for propagation since this is a local DNS server dnsPropagationCheck = false; }; nixos/modules/security/acme/default.nix +8 −4 @@ -362,8 +362,8 @@ let "/var/lib/acme/.lego/${cert}/${certDir}:/tmp/certificates" ]; # Only try loading the credentialsFile if the dns challenge is enabled EnvironmentFile = mkIf useDns data.credentialsFile; # Only try loading the environmentFile if the dns challenge is enabled EnvironmentFile = mkIf useDns data.environmentFile; Environment = mkIf useDns (mapAttrsToList (k: v: ''"${k}=%d/${k}"'') data.credentialFiles); @@ -502,6 +502,10 @@ let defaultText = if isDefaults then default else literalExpression "config.security.acme.defaults.${name}"; }; in { imports = [ (mkRenamedOptionModule [ "credentialsFile" ] [ "environmentFile" ]) ]; options = { validMinDays = mkOption { type = types.int;
@@ -613,9 +617,9 @@ let ''; }; credentialsFile = mkOption { environmentFile = mkOption { type = types.nullOr types.path; inherit (defaultAndText "credentialsFile" null) default defaultText; inherit (defaultAndText "environmentFile" null) default defaultText; description = lib.mdDoc '' Path to an EnvironmentFile for the cert's service containing any required and optional environment variables for your selected dnsProvider. nixos/tests/acme.nix +1 −1 @@ -18,7 +18,7 @@ dnsConfig = nodes: { dnsProvider = "exec"; dnsPropagationCheck = false; credentialsFile = pkgs.writeText "wildcard.env" '' environmentFile = pkgs.writeText "wildcard.env" '' EXEC_PATH=${dnsScript nodes} EXEC_POLLING_INTERVAL=1 EXEC_PROPAGATION_TIMEOUT=1
nixos/modules/security/acme/default.md +2 −2 @@ -189,7 +189,7 @@ security.acme.defaults.email = "admin+acme@example.com"; security.acme.certs."example.com" = { domain = "*.example.com"; dnsProvider = "rfc2136"; credentialsFile = "/var/lib/secrets/certs.secret"; environmentFile = "/var/lib/secrets/certs.secret"; # We don't need to wait for propagation since this is a local DNS server dnsPropagationCheck = false; }; @@ -256,7 +256,7 @@ security.acme.acceptTerms = true; security.acme.defaults.email = "admin+acme@example.com"; security.acme.defaults = { dnsProvider = "rfc2136"; credentialsFile = "/var/lib/secrets/certs.secret"; environmentFile = "/var/lib/secrets/certs.secret"; # We don't need to wait for propagation since this is a local DNS server dnsPropagationCheck = false; };
nixos/modules/security/acme/default.nix +8 −4 @@ -362,8 +362,8 @@ let "/var/lib/acme/.lego/${cert}/${certDir}:/tmp/certificates" ]; # Only try loading the credentialsFile if the dns challenge is enabled EnvironmentFile = mkIf useDns data.credentialsFile; # Only try loading the environmentFile if the dns challenge is enabled EnvironmentFile = mkIf useDns data.environmentFile; Environment = mkIf useDns (mapAttrsToList (k: v: ''"${k}=%d/${k}"'') data.credentialFiles); @@ -502,6 +502,10 @@ let defaultText = if isDefaults then default else literalExpression "config.security.acme.defaults.${name}"; }; in { imports = [ (mkRenamedOptionModule [ "credentialsFile" ] [ "environmentFile" ]) ]; options = { validMinDays = mkOption { type = types.int; @@ -613,9 +617,9 @@ let ''; }; credentialsFile = mkOption { environmentFile = mkOption { type = types.nullOr types.path; inherit (defaultAndText "credentialsFile" null) default defaultText; inherit (defaultAndText "environmentFile" null) default defaultText; description = lib.mdDoc '' Path to an EnvironmentFile for the cert's service containing any required and optional environment variables for your selected dnsProvider.
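Review bot: The renamed `environmentFile` option in the last hunk still points at the file that carries the DNS provider's credentials, but the new name no longer signals that and the visible part of its description does not say it either. I would add a sentence to the description along the lines of `This file usually contains secrets (API tokens, TSIG keys); keep it outside the Nix store and readable only by root.` Because the type stays `types.nullOr types.path`, a Nix path literal may end up copied into the world-readable store, so the text should steer users to a string path such as the `/var/lib/secrets/certs.secret` used in default.md. The description continues past the end of this hunk, so part of this may already be covered there.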
nixos/tests/acme.nix +1 −1 @@ -18,7 +18,7 @@ dnsConfig = nodes: { dnsProvider = "exec"; dnsPropagationCheck = false; credentialsFile = pkgs.writeText "wildcard.env" '' environmentFile = pkgs.writeText "wildcard.env" '' EXEC_PATH=${dnsScript nodes} EXEC_POLLING_INTERVAL=1 EXEC_PROPAGATION_TIMEOUT=1