From 51a3f6a1df7c27431411cbecf20b54c05a9acec6 Mon Sep 17 00:00:00 2001
From: clerie <git@clerie.de>
Date: Sat, 15 May 2021 18:48:38 +0200
Subject: [PATCH] Add akne module for getting self signed certs with acme
 client

---
 modules/akne/default.nix | 41 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 41 insertions(+)
 create mode 100644 modules/akne/default.nix

diff --git a/modules/akne/default.nix b/modules/akne/default.nix
new file mode 100644
index 0000000..d14bbc1
--- /dev/null
+++ b/modules/akne/default.nix
@@ -0,0 +1,41 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.clerie.akne;
+
+in {
+  options = {
+    clerie.akne = {
+      enable = mkEnableOption "Makes fun stuff with the nixos acme module.";
+      selfSigneOnlyHostNames = mkOption {
+        type = with types; listOf str;
+        default = {};
+        description = "List of hostnames for which the acme client gets disabled. This hostnames use the self-signed certs instead.";
+      };
+    };
+  };
+
+  config = {
+    systemd.services = with lib; listToAttrs (
+      flatten (
+        map (
+          name: [
+            (
+              nameValuePair "acme-${name}" {
+                enable = false;
+                wantedBy = mkForce [];
+              }
+            )
+            (
+              nameValuePair "acme-selfsigned-${name}" {
+                wantedBy = [ "multi-user.target" ];
+              }
+            )
+          ]
+        ) cfg.selfSigneOnlyHostNames
+      )
+    );
+  };
+}