authorLassulus <github@lassul.us>2020-08-22 14:29:39 +0200
committerGitHub <noreply@github.com>2020-08-22 14:29:39 +0200
commit8a141825a3b99e69a08ac8e6b2b1973293bd2617 (patch)
treecb9c650d10d62812c293097bd76c739367e4b8ad /nixos
parentf63d01f4479681e72d2b0b4a7e00d6a6f5fc6fc7 (diff)
parent1719353619662f5fed705cc10f54834edb01bb38 (diff)
Merge pull request #89779 from jktr/acme-extra-flags
nixos/acme: extra lego flags
Diffstat (limited to 'nixos')
-rw-r--r--nixos/modules/security/acme.nix21
1 files changed, 19 insertions, 2 deletions
diff --git a/nixos/modules/security/acme.nix b/nixos/modules/security/acme.nix
index 1f63e7b88bd..29635dbe864 100644
--- a/nixos/modules/security/acme.nix
+++ b/nixos/modules/security/acme.nix
@@ -150,6 +150,14 @@ let
         '';
       };
 
+      extraLegoFlags = mkOption {
+        type = types.listOf types.str;
+        default = [];
+        description = ''
+          Additional global flags to pass to all lego commands.
+        '';
+      };
+
       extraLegoRenewFlags = mkOption {
         type = types.listOf types.str;
         default = [];
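Review bot: The description of `extraLegoFlags` (and likewise `extraLegoRunFlags` in the next hunk) does not say where these strings end up, which matters because lego accepts credentials such as `--hmac` as flags. The last hunk joins them into `runOpts`/`renewOpts` via `escapeShellArgs`, so they are presumably embedded in a generated script in the Nix store and then appear on lego's command line. Both places are readable by other local users. I would extend the description with a sentence like `Values are written to the world-readable Nix store and are visible in the process arguments; do not pass secrets here.`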
@@ -157,6 +165,14 @@ let
           Additional flags to pass to lego renew.
         '';
       };
+
+      extraLegoRunFlags = mkOption {
+        type = types.listOf types.str;
+        default = [];
+        description = ''
+          Additional flags to pass to lego run.
+        '';
+      };
     };
   };
 
@@ -313,9 +329,10 @@ in
                           ++ optionals (data.dnsProvider != null && !data.dnsPropagationCheck) [ "--dns.disable-cp" ]
                           ++ concatLists (mapAttrsToList (name: root: [ "-d" name ]) data.extraDomains)
                           ++ (if data.dnsProvider != null then [ "--dns" data.dnsProvider ] else [ "--http" "--http.webroot" data.webroot ])
-                          ++ optionals (cfg.server != null || data.server != null) ["--server" (if data.server == null then cfg.server else data.server)];
+                          ++ optionals (cfg.server != null || data.server != null) ["--server" (if data.server == null then cfg.server else data.server)]
+                          ++ data.extraLegoFlags;
                 certOpts = optionals data.ocspMustStaple [ "--must-staple" ];
-                runOpts = escapeShellArgs (globalOpts ++ [ "run" ] ++ certOpts);
+                runOpts = escapeShellArgs (globalOpts ++ [ "run" ] ++ certOpts ++ data.extraLegoRunFlags);
                 renewOpts = escapeShellArgs (globalOpts ++
                   [ "renew" "--days" (toString cfg.validMinDays) ] ++
                   certOpts ++ data.extraLegoRenewFlags);
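Review bot: `data.extraLegoFlags` is appended after the flags the module computes itself (`--server`, `--dns`, `--http.webroot`), and nothing in this hunk rejects a value that repeats one of them. How lego resolves a repeated flag is not visible here, so a certificate could end up requested from a different ACME server, or validated through a different challenge, than `data.server` and `data.dnsProvider` declare. I would at least add a comment such as `# extra flags are appended last; they must not repeat flags set above (--server, --dns, --http.webroot)` and say the same in the option description. The enclosing `let` binding starts outside the hunk.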