diff options
| author | Franz Pletz <fpletz@fnordicwalking.de> | 2015-12-12 14:21:44 +0100 |
|---|---|---|
| committer | Franz Pletz <fpletz@fnordicwalking.de> | 2015-12-12 16:06:53 +0100 |
| commit | 9374ddb89523f6d77951445c5224b464d9ec198c (patch) | |
| tree | db8307a7564a0b95b5fdff07cc7e04311c7bc537 /nixos/modules/security | |
| parent | 0517d59a66f613471f478d0497aa5adb5dccfcdc (diff) | |
| download | nixpkgs-9374ddb89523f6d77951445c5224b464d9ec198c.tar nixpkgs-9374ddb89523f6d77951445c5224b464d9ec198c.tar.gz nixpkgs-9374ddb89523f6d77951445c5224b464d9ec198c.tar.bz2 nixpkgs-9374ddb89523f6d77951445c5224b464d9ec198c.tar.lz nixpkgs-9374ddb89523f6d77951445c5224b464d9ec198c.tar.xz nixpkgs-9374ddb89523f6d77951445c5224b464d9ec198c.tar.zst nixpkgs-9374ddb89523f6d77951445c5224b464d9ec198c.zip | |
nixos/acme: validMin & renewInterval aren't cert-specific
Diffstat (limited to 'nixos/modules/security')
| -rw-r--r-- | nixos/modules/security/acme.nix | 36 |
1 files changed, 18 insertions, 18 deletions
diff --git a/nixos/modules/security/acme.nix b/nixos/modules/security/acme.nix index 37e4c287623..37de46cb1a5 100644 --- a/nixos/modules/security/acme.nix +++ b/nixos/modules/security/acme.nix @@ -19,22 +19,6 @@ let ''; }; - validMin = mkOption { - type = types.int; - default = 30 * 24 * 3600; - description = "Minimum remaining validity before renewal in seconds."; - }; - - renewInterval = mkOption { - type = types.str; - default = "weekly"; - description = '' - Systemd calendar expression when to check for renewal. See - <citerefentry><refentrytitle>systemd.time</refentrytitle> - <manvolnum>5</manvolnum></citerefentry>. - ''; - }; - email = mkOption { type = types.nullOr types.str; default = null; @@ -108,6 +92,22 @@ in ''; }; + validMin = mkOption { + type = types.int; + default = 30 * 24 * 3600; + description = "Minimum remaining validity before renewal in seconds."; + }; + + renewInterval = mkOption { + type = types.str; + default = "weekly"; + description = '' + Systemd calendar expression when to check for renewal. See + <citerefentry><refentrytitle>systemd.time</refentrytitle> + <manvolnum>5</manvolnum></citerefentry>. + ''; + }; + certs = mkOption { default = { }; type = types.loaOf types.optionSet; @@ -136,7 +136,7 @@ in systemd.services = flip mapAttrs' cfg.certs (cert: data: let cpath = "${cfg.directory}/${cert}"; - cmdline = [ "-v" "-d" cert "--default_root" data.webroot "--valid_min" data.validMin ] + cmdline = [ "-v" "-d" cert "--default_root" data.webroot "--valid_min" cfg.validMin ] ++ optionals (data.email != null) [ "--email" data.email ] ++ concatMap (p: [ "-f" p ]) data.plugins ++ concatLists (mapAttrsToList (name: root: [ "-d" (if root == null then name else "${name}:${root}")]) data.extraDomains); @@ -186,7 +186,7 @@ in description = "timer for ACME cert renewal of ${cert}"; wantedBy = [ "timers.target" ]; timerConfig = { - OnCalendar = data.renewInterval; + OnCalendar = cfg.renewInterval; Unit = "acme-simp_le-${cert}.service"; }; }) |