diff options
author | Lassulus <github@lassul.us> | 2020-08-22 14:29:39 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-08-22 14:29:39 +0200 |
commit | 8a141825a3b99e69a08ac8e6b2b1973293bd2617 (patch) | |
tree | cb9c650d10d62812c293097bd76c739367e4b8ad /nixos | |
parent | f63d01f4479681e72d2b0b4a7e00d6a6f5fc6fc7 (diff) | |
parent | 1719353619662f5fed705cc10f54834edb01bb38 (diff) | |
download | nixpkgs-8a141825a3b99e69a08ac8e6b2b1973293bd2617.tar nixpkgs-8a141825a3b99e69a08ac8e6b2b1973293bd2617.tar.gz nixpkgs-8a141825a3b99e69a08ac8e6b2b1973293bd2617.tar.bz2 nixpkgs-8a141825a3b99e69a08ac8e6b2b1973293bd2617.tar.lz nixpkgs-8a141825a3b99e69a08ac8e6b2b1973293bd2617.tar.xz nixpkgs-8a141825a3b99e69a08ac8e6b2b1973293bd2617.tar.zst nixpkgs-8a141825a3b99e69a08ac8e6b2b1973293bd2617.zip |
Merge pull request #89779 from jktr/acme-extra-flags
nixos/acme: extra lego flags
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/security/acme.nix | 21 |
1 files changed, 19 insertions, 2 deletions
diff --git a/nixos/modules/security/acme.nix b/nixos/modules/security/acme.nix index 1f63e7b88bd..29635dbe864 100644 --- a/nixos/modules/security/acme.nix +++ b/nixos/modules/security/acme.nix @@ -150,6 +150,14 @@ let ''; }; + extraLegoFlags = mkOption { + type = types.listOf types.str; + default = []; + description = '' + Additional global flags to pass to all lego commands. + ''; + }; + extraLegoRenewFlags = mkOption { type = types.listOf types.str; default = []; @@ -157,6 +165,14 @@ let Additional flags to pass to lego renew. ''; }; + + extraLegoRunFlags = mkOption { + type = types.listOf types.str; + default = []; + description = '' + Additional flags to pass to lego run. + ''; + }; }; }; @@ -313,9 +329,10 @@ in ++ optionals (data.dnsProvider != null && !data.dnsPropagationCheck) [ "--dns.disable-cp" ] ++ concatLists (mapAttrsToList (name: root: [ "-d" name ]) data.extraDomains) ++ (if data.dnsProvider != null then [ "--dns" data.dnsProvider ] else [ "--http" "--http.webroot" data.webroot ]) - ++ optionals (cfg.server != null || data.server != null) ["--server" (if data.server == null then cfg.server else data.server)]; + ++ optionals (cfg.server != null || data.server != null) ["--server" (if data.server == null then cfg.server else data.server)] + ++ data.extraLegoFlags; certOpts = optionals data.ocspMustStaple [ "--must-staple" ]; - runOpts = escapeShellArgs (globalOpts ++ [ "run" ] ++ certOpts); + runOpts = escapeShellArgs (globalOpts ++ [ "run" ] ++ certOpts ++ data.extraLegoRunFlags); renewOpts = escapeShellArgs (globalOpts ++ [ "renew" "--days" (toString cfg.validMinDays) ] ++ certOpts ++ data.extraLegoRenewFlags); |