LetsEncrypt acme now requires an email and accepting their TOS.

3 years ago · 6379225731
parent 8511968173
commit 6379225731
3 changed files with 21 additions and 0 deletions
--- a/fn.nix
+++ b/fn.nix
@ -5,6 +5,9 @@ with lib;

 rec {
  ifelse = a: b: c: if a then b else c;
+  fileContentsOr = a: b: (ifelse
+    (pathIsRegularFile a)
+    a b);
  cwd = toString ./.;
  lst = { p ? cwd, t ? "regular", b ? false }: (lists.forEach
    (attrNames
--- a/services/acme.nix
+++ b/services/acme.nix
@ -0,0 +1,17 @@
+{ options, config, lib, pkgs, ... }:
+
+with builtins;
+with lib;
+
+let
+  fn = import (../. + (toPath "/fn.nix")) { inherit lib; };
+  cfg = config.machine;
+in mkIf (elem "acme" cfg.services) {
+  security.acme = {
+    # see https://letsencrypt.org/repository/
+    acceptTerms = true;
+    email = fn.fileContentsOr
+      (toPath "${cfg.secretPath}/acme.mailAddr")
+      "${(elemAt cfg.mailAccounts 0).name}@${cfg.domain}";
+  };
+}
--- a/services/default.nix
+++ b/services/default.nix
@ -1,5 +1,6 @@
 {
  imports = [
+    ./acme.nix
    ./cups.nix
    ./docker.nix
    ./fail2ban.nix