mirror of
https://gitlab.com/simple-nixos-mailserver/nixos-mailserver.git
synced 2025-01-27 13:28:23 +01:00
Merge branch 'acme-cert-name-option' into 'master'
acme: Add new option acmeCertificateName See merge request simple-nixos-mailserver/nixos-mailserver!303
This commit is contained in:
commit
ed0fbae77c
4 changed files with 22 additions and 4 deletions
13
default.nix
13
default.nix
|
@ -675,6 +675,19 @@ in
|
|||
'';
|
||||
};
|
||||
|
||||
acmeCertificateName = mkOption {
|
||||
type = types.str;
|
||||
default = cfg.fqdn;
|
||||
example = "example.com";
|
||||
description = ''
|
||||
({option}`mailserver.certificateScheme` == `acme`)
|
||||
|
||||
When the `acme` `certificateScheme` is selected, you can use this option
|
||||
to override the default certificate name. This is useful if you've
|
||||
generated a wildcard certificate, for example.
|
||||
'';
|
||||
};
|
||||
|
||||
enableImap = mkOption {
|
||||
type = types.bool;
|
||||
default = true;
|
||||
|
|
|
@ -13,5 +13,10 @@
|
|||
assertion = config.mailserver.forwards == {};
|
||||
message = "When the LDAP support is enable (mailserver.ldap.enable = true), it is not possible to define mailserver.forwards";
|
||||
}
|
||||
] ++ lib.optionals (config.mailserver.certificateScheme != "acme") [
|
||||
{
|
||||
assertion = config.mailserver.acmeCertificateName == config.mailserver.fqdn;
|
||||
message = "When the certificate scheme is not 'acme' (mailserver.certificateScheme != \"acme\"), it is not possible to define mailserver.acmeCertificateName";
|
||||
}
|
||||
];
|
||||
}
|
||||
|
|
|
@ -26,7 +26,7 @@ in
|
|||
else if cfg.certificateScheme == "selfsigned"
|
||||
then "${cfg.certificateDirectory}/cert-${cfg.fqdn}.pem"
|
||||
else if cfg.certificateScheme == "acme" || cfg.certificateScheme == "acme-nginx"
|
||||
then "${config.security.acme.certs.${cfg.fqdn}.directory}/fullchain.pem"
|
||||
then "${config.security.acme.certs.${cfg.acmeCertificateName}.directory}/fullchain.pem"
|
||||
else throw "unknown certificate scheme";
|
||||
|
||||
# key :: PATH
|
||||
|
@ -35,7 +35,7 @@ in
|
|||
else if cfg.certificateScheme == "selfsigned"
|
||||
then "${cfg.certificateDirectory}/key-${cfg.fqdn}.pem"
|
||||
else if cfg.certificateScheme == "acme" || cfg.certificateScheme == "acme-nginx"
|
||||
then "${config.security.acme.certs.${cfg.fqdn}.directory}/key.pem"
|
||||
then "${config.security.acme.certs.${cfg.acmeCertificateName}.directory}/key.pem"
|
||||
else throw "unknown certificate scheme";
|
||||
|
||||
passwordFiles = let
|
||||
|
|
|
@ -17,7 +17,7 @@
|
|||
|
||||
{ config, pkgs, lib, ... }:
|
||||
|
||||
with (import ./common.nix { inherit config; });
|
||||
with (import ./common.nix { inherit config lib pkgs; });
|
||||
|
||||
let
|
||||
cfg = config.mailserver;
|
||||
|
@ -36,7 +36,7 @@ in
|
|||
};
|
||||
};
|
||||
|
||||
security.acme.certs."${cfg.fqdn}".reloadServices = [
|
||||
security.acme.certs."${cfg.acmeCertificateName}".reloadServices = [
|
||||
"postfix.service"
|
||||
"dovecot2.service"
|
||||
];
|
||||
|
|
Loading…
Reference in a new issue