@ -20,6 +20,16 @@ let
'' ;
} ;
server = mkOption {
type = types . nullOr types . str ;
default = null ;
description = ''
ACME Directory Resource URI . Defaults to let's encrypt
production endpoint ,
https://acme-v02.api.letsencrypt.org/directory, if unset .
'' ;
} ;
domain = mkOption {
type = types . str ;
default = name ;
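Review bot: The description of the per-certificate `server` option says an unset value means the Let's Encrypt production endpoint, but the `--server` line in the last hunk falls back to `cfg.server` first when `data.server == null`. An operator reading this text could believe a certificate comes from the production CA while the global option actually points at staging or another directory. I would word it as `ACME Directory Resource URI. Defaults to security.acme.server when unset; if that is unset too, no --server argument is passed and the ACME client's built-in default applies.` The enclosing option set starts and ends outside this hunk.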
@ -109,7 +119,15 @@ in
{
###### interface
imports = [
( mkRemovedOptionModule [ " s e c u r i t y " " a c m e " " p r o d u c t i o n " ] ''
Use security . acme . server to define your staging ACME server URL instead .
To use the let's encrypt staging server , use security . acme . server =
" h t t p s : / / a c m e - s t a g i n g - v 0 2 . a p i . l e t s e n c r y p t . o r g / d i r e c t o r y " .
''
)
] ;
options = {
security . acme = {
@ -129,6 +147,16 @@ in
'' ;
} ;
server = mkOption {
type = types . nullOr types . str ;
default = null ;
description = ''
ACME Directory Resource URI . Defaults to let's encrypt
production endpoint ,
<literal> https://acme-v02.api.letsencrypt.org/directory < /literal > , if unset .
'' ;
} ;
preliminarySelfsigned = mkOption {
type = types . bool ;
default = true ;
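Review bot: `type = types.nullOr types.str` accepts any string for the directory URI, so a typo or an `http://` URL is only noticed when the client runs. The same applies to the per-certificate `server` option in the first hunk. This value selects the CA that receives the account registration and performs domain validation, so a scheme check at evaluation time is cheap insurance, for example `type = types.nullOr (types.strMatching "https://.+");`. If plain-HTTP test directories must remain usable, a warning rather than a hard type constraint would fit better. The description should also say that the production default comes from the ACME client rather than from this module, since a `null` value simply omits `--server`.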
@ -142,20 +170,6 @@ in
'' ;
} ;
production = mkOption {
type = types . bool ;
default = true ;
description = ''
If set to true , use Let's Encrypt's production environment
instead of the staging environment . The main benefit of the
staging environment is to get much higher rate limits .
See
<literal> https://letsencrypt.org/docs/staging-environment < /literal >
for more detail .
'' ;
} ;
certs = mkOption {
default = { } ;
type = with types ; attrsOf ( submodule certOpts ) ;
@ -198,7 +212,7 @@ in
++ optionals ( data . email != null ) [ " - - e m a i l " data . email ]
++ concatMap ( p : [ " - f " p ] ) data . plugins
++ concatLists ( mapAttrsToList ( name : root : [ " - d " ( if root == null then name else " ${ name } : ${ root } " ) ] ) data . extraDomains )
++ optionals ( ! cfg . production ) [ " - - s e r v e r " " h t t p s : / / a c m e - s t a g i n g - v 0 2 . a p i . l e t s e n c r y p t . o r g / d i r e c t o r y " ] ;
++ optionals ( cfg . server != null || data . server != null ) [ " - - s e r v e r " ( if data . server == null then cfg . server else data . server ) ] ;
acmeService = {
description = " R e n e w A C M E C e r t i f i c a t e f o r ${ cert } " ;
after = [ " n e t w o r k . t a r g e t " " n e t w o r k - o n l i n e . t a r g e t " ] ;
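Review bot: The added `--server` line checks both options for null and then chooses between them again in a nested conditional, which makes the precedence harder to read than it needs to be. Binding the effective value once is clearer: `server = if data.server != null then data.server else cfg.server;` followed by `++ optionals (server != null) [ "--server" server ]`. The list expression begins above this hunk, so the binding would go in the enclosing `let`, which is not visible here. Separately, nothing in the visible lines forces re-issuance when the directory changes, so a certificate obtained from staging presumably stays in place until it is due for renewal; that is worth confirming and documenting.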