diff options
author | J. Konrad Tegtmeier-Rottach <jktr@0x16.de> | 2020-06-08 02:17:55 +0200 |
---|---|---|
committer | J. Konrad Tegtmeier-Rottach <jktr@0x16.de> | 2020-06-08 02:17:55 +0200 |
commit | a0189a4c495da3c7945c42b56c5dae501206c268 (patch) | |
tree | 24cd92c07f19f3c47a1341b3d1320d7d8098170d /nixos | |
parent | d0abc5d54f7d41d81dd3bc9fab6afb214f7ded38 (diff) | |
download | nixpkgs-a0189a4c495da3c7945c42b56c5dae501206c268.tar nixpkgs-a0189a4c495da3c7945c42b56c5dae501206c268.tar.gz nixpkgs-a0189a4c495da3c7945c42b56c5dae501206c268.tar.bz2 nixpkgs-a0189a4c495da3c7945c42b56c5dae501206c268.tar.lz nixpkgs-a0189a4c495da3c7945c42b56c5dae501206c268.tar.xz nixpkgs-a0189a4c495da3c7945c42b56c5dae501206c268.tar.zst nixpkgs-a0189a4c495da3c7945c42b56c5dae501206c268.zip |
nixos/acme: add extraLegoFlags option
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/security/acme.nix | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/nixos/modules/security/acme.nix b/nixos/modules/security/acme.nix index 776ef07d716..7b492a67b28 100644 --- a/nixos/modules/security/acme.nix +++ b/nixos/modules/security/acme.nix @@ -150,6 +150,14 @@ let ''; }; + extraLegoFlags = mkOption { + type = types.listOf types.str; + default = []; + description = '' + Additional global flags to pass to all lego commands. + ''; + }; + extraLegoRenewFlags = mkOption { type = types.listOf types.str; default = []; @@ -308,7 +316,8 @@ in ++ optionals (data.dnsProvider != null && !data.dnsPropagationCheck) [ "--dns.disable-cp" ] ++ concatLists (mapAttrsToList (name: root: [ "-d" name ]) data.extraDomains) ++ (if data.dnsProvider != null then [ "--dns" data.dnsProvider ] else [ "--http" "--http.webroot" data.webroot ]) - ++ optionals (cfg.server != null || data.server != null) ["--server" (if data.server == null then cfg.server else data.server)]; + ++ optionals (cfg.server != null || data.server != null) ["--server" (if data.server == null then cfg.server else data.server)] + ++ data.extraLegoFlags; certOpts = optionals data.ocspMustStaple [ "--must-staple" ]; runOpts = escapeShellArgs (globalOpts ++ [ "run" ] ++ certOpts); renewOpts = escapeShellArgs (globalOpts ++ |