1
0
Fork 0

LetsEncrypt acme now requires an email and accepting their TOS.

This commit is contained in:
Kevin Baensch 2020-03-11 01:53:04 +01:00
parent 8511968173
commit 6379225731
Signed by: derped
GPG Key ID: C0F1D326C7626543
3 changed files with 21 additions and 0 deletions

3
fn.nix
View File

@ -5,6 +5,9 @@ with lib;
rec { rec {
ifelse = a: b: c: if a then b else c; ifelse = a: b: c: if a then b else c;
fileContentsOr = a: b: (ifelse
(pathIsRegularFile a)
a b);
cwd = toString ./.; cwd = toString ./.;
lst = { p ? cwd, t ? "regular", b ? false }: (lists.forEach lst = { p ? cwd, t ? "regular", b ? false }: (lists.forEach
(attrNames (attrNames

17
services/acme.nix Normal file
View File

@ -0,0 +1,17 @@
{ options, config, lib, pkgs, ... }:
with builtins;
with lib;
let
fn = import (../. + (toPath "/fn.nix")) { inherit lib; };
cfg = config.machine;
in mkIf (elem "acme" cfg.services) {
security.acme = {
# see https://letsencrypt.org/repository/
acceptTerms = true;
email = fn.fileContentsOr
(toPath "${cfg.secretPath}/acme.mailAddr")
"${(elemAt cfg.mailAccounts 0).name}@${cfg.domain}";
};
}

View File

@ -1,5 +1,6 @@
{ {
imports = [ imports = [
./acme.nix
./cups.nix ./cups.nix
./docker.nix ./docker.nix
./fail2ban.nix ./fail2ban.nix