Add akne module for getting self signed certs with acme client

2021-05-15 18:48:38 +02:00 · 2021-05-15 18:48:38 +02:00 · 51a3f6a1df
parent 6ee3387680
commit 51a3f6a1df
1 changed files with 41 additions and 0 deletions
--- a/modules/akne/default.nix
+++ b/modules/akne/default.nix
@ -0,0 +1,41 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.clerie.akne;
+
+in {
+  options = {
+    clerie.akne = {
+      enable = mkEnableOption "Makes fun stuff with the nixos acme module.";
+      selfSigneOnlyHostNames = mkOption {
+        type = with types; listOf str;
+        default = {};
+        description = "List of hostnames for which the acme client gets disabled. This hostnames use the self-signed certs instead.";
+      };
+    };
+  };
+
+  config = {
+    systemd.services = with lib; listToAttrs (
+      flatten (
+        map (
+          name: [
+            (
+              nameValuePair "acme-${name}" {
+                enable = false;
+                wantedBy = mkForce [];
+              }
+            )
+            (
+              nameValuePair "acme-selfsigned-${name}" {
+                wantedBy = [ "multi-user.target" ];
+              }
+            )
+          ]
+        ) cfg.selfSigneOnlyHostNames
+      )
+    );
+  };
+}