cafkafk/nixpkgs
cafkafk/nixpkgs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 2

Merge pull request #133671 from jlesquembre/caddy

Browse source 
nixos/caddy: update ca option
This commit is contained in:
Aaron Andersen 2021-08-14 08:53:45 -04:00 committed by GitHub
commit cf17e439bc
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 29 additions and 19 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

48
nixos/modules/services/web-servers/caddy.nix
View file

@ -8,10 +8,10 @@ let
tlsConfig = {
apps.tls.automation.policies = [{
issuer = {
issuers = [{
inherit (cfg) ca email;
module = "acme";
};
}];
}];
};
@ -23,23 +23,28 @@ let
# merge the TLS config options we expose with the ones originating in the Caddyfile
configJSON =
let tlsConfigMerge = ''
{"apps":
{"tls":
{"automation":
{"policies":
(if .[0].apps.tls.automation.policies == .[1]?.apps.tls.automation.policies
then .[0].apps.tls.automation.policies
else (.[0].apps.tls.automation.policies + .[1]?.apps.tls.automation.policies)
end)
if cfg.ca != null then
let tlsConfigMerge = ''
{"apps":
{"tls":
{"automation":
{"policies":
(if .[0].apps.tls.automation.policies == .[1]?.apps.tls.automation.policies
then .[0].apps.tls.automation.policies
else (.[0].apps.tls.automation.policies + .[1]?.apps.tls.automation.policies)
end)
}
}
}
}
}'';
in pkgs.runCommand "caddy-config.json" { } ''
${pkgs.jq}/bin/jq -s '.[0] * ${tlsConfigMerge}' ${adaptedConfig} ${tlsJSON} > $out
'';
in {
}'';
in
pkgs.runCommand "caddy-config.json" { } ''
${pkgs.jq}/bin/jq -s '.[0] * ${tlsConfigMerge}' ${adaptedConfig} ${tlsJSON} > $out
''
else
adaptedConfig;
in
{
imports = [
(mkRemovedOptionModule [ "services" "caddy" "agree" ] "this option is no longer necessary for Caddy 2")
];
@ -88,8 +93,13 @@ in {
ca = mkOption {
default = "https://acme-v02.api.letsencrypt.org/directory";
example = "https://acme-staging-v02.api.letsencrypt.org/directory";
type = types.str;
description = "Certificate authority ACME server. The default (Let's Encrypt production server) should be fine for most people.";
type = types.nullOr types.str;
description = ''
Certificate authority ACME server. The default (Let's Encrypt
production server) should be fine for most people. Set it to null if
you don't want to include any authority (or if you want to write a more
fine-graned configuration manually)
'';
};
email = mkOption {