security.acme: default name value via module system (#34388)

6 years ago · edeacd00ad
parent c9d1bf3e76
commit edeacd00ad
1 changed files with 7 additions and 7 deletions
--- a/nixos/modules/security/acme.nix
+++ b/nixos/modules/security/acme.nix
@ -6,10 +6,11 @@ let

  cfg = config.security.acme;

-  certOpts = { ... }: {
+  certOpts = { name, ... }: {
    options = {
      webroot = mkOption {
        type = types.str;
+        example = "/var/lib/acme/acme-challenges";
        description = ''
          Where the webroot of the HTTP vhost is located.
          <filename>.well-known/acme-challenge/</filename> directory
@ -20,8 +21,8 @@ let
      };

      domain = mkOption {
-        type = types.nullOr types.str;
-        default = null;
+        type = types.str;
+        default = name;
        description = "Domain to fetch certificate for (defaults to the entry name)";
      };

@ -48,7 +49,7 @@ let
        default = false;
        description = ''
          Give read permissions to the specified group
-          (<option>security.acme.group</option>) to read SSL private certificates.
+          (<option>security.acme.cert.<name>.group</option>) to read SSL private certificates.
        '';
      };

@ -87,7 +88,7 @@ let
          }
        '';
        description = ''
-          Extra domain names for which certificates are to be issued, with their
+          A list of extra domain names, which are included in the one certificate to be issued, with their
          own server roots if needed.
        '';
      };
@ -193,10 +194,9 @@ in
          servicesLists = mapAttrsToList certToServices cfg.certs;
          certToServices = cert: data:
              let
-                domain = if data.domain != null then data.domain else cert;
                cpath = "${cfg.directory}/${cert}";
                rights = if data.allowKeysForGroup then "750" else "700";
-                cmdline = [ "-v" "-d" domain "--default_root" data.webroot "--valid_min" cfg.validMin "--tos_sha256" cfg.tosHash ]
+                cmdline = [ "-v" "-d" data.domain "--default_root" data.webroot "--valid_min" cfg.validMin "--tos_sha256" cfg.tosHash ]
                          ++ optionals (data.email != null) [ "--email" data.email ]
                          ++ concatMap (p: [ "-f" p ]) data.plugins
                          ++ concatLists (mapAttrsToList (name: root: [ "-d" (if root == null then name else "${name}:${root}")]) data.extraDomains)