nixos/caddy: update ca option
The generated JSON configuration returns this warning: "the 'issuer' field is deprecated and will be removed in the future; use 'issuers' instead". Updated the config to use "issuers" instead of "issuer". Also, it is now possible to set the ca option to null so that no CA is injected automatically. This is useful if you don't want to generate any certificates or if you want to define a more fine-grained CA config manually (e.g. use a different CA per domain).
parent
9df2cb074d
commit
679d54dcb3
@ -8,10 +8,10 @@ let
|
||||
|
||||
tlsConfig = {
|
||||
apps.tls.automation.policies = [{
|
||||
issuer = {
|
||||
issuers = [{
|
||||
inherit (cfg) ca email;
|
||||
module = "acme";
|
||||
};
|
||||
}];
|
||||
}];
|
||||
};
|
||||
|
||||
@ -23,23 +23,28 @@ let
|
||||
|
||||
# merge the TLS config options we expose with the ones originating in the Caddyfile
|
||||
configJSON =
|
||||
let tlsConfigMerge = ''
|
||||
{"apps":
|
||||
{"tls":
|
||||
{"automation":
|
||||
{"policies":
|
||||
(if .[0].apps.tls.automation.policies == .[1]?.apps.tls.automation.policies
|
||||
then .[0].apps.tls.automation.policies
|
||||
else (.[0].apps.tls.automation.policies + .[1]?.apps.tls.automation.policies)
|
||||
end)
|
||||
if cfg.ca != null then
|
||||
let tlsConfigMerge = ''
|
||||
{"apps":
|
||||
{"tls":
|
||||
{"automation":
|
||||
{"policies":
|
||||
(if .[0].apps.tls.automation.policies == .[1]?.apps.tls.automation.policies
|
||||
then .[0].apps.tls.automation.policies
|
||||
else (.[0].apps.tls.automation.policies + .[1]?.apps.tls.automation.policies)
|
||||
end)
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}'';
|
||||
in pkgs.runCommand "caddy-config.json" { } ''
|
||||
${pkgs.jq}/bin/jq -s '.[0] * ${tlsConfigMerge}' ${adaptedConfig} ${tlsJSON} > $out
|
||||
'';
|
||||
in {
|
||||
}'';
|
||||
in
|
||||
pkgs.runCommand "caddy-config.json" { } ''
|
||||
${pkgs.jq}/bin/jq -s '.[0] * ${tlsConfigMerge}' ${adaptedConfig} ${tlsJSON} > $out
|
||||
''
|
||||
else
|
||||
adaptedConfig;
|
||||
in
|
||||
{
|
||||
imports = [
|
||||
(mkRemovedOptionModule [ "services" "caddy" "agree" ] "this option is no longer necessary for Caddy 2")
|
||||
];
|
||||
@ -88,8 +93,13 @@ in {
|
||||
ca = mkOption {
|
||||
default = "https://acme-v02.api.letsencrypt.org/directory";
|
||||
example = "https://acme-staging-v02.api.letsencrypt.org/directory";
|
||||
type = types.str;
|
||||
description = "Certificate authority ACME server. The default (Let's Encrypt production server) should be fine for most people.";
|
||||
type = types.nullOr types.str;
|
||||
description = ''
|
||||
Certificate authority ACME server. The default (Let's Encrypt
|
||||
production server) should be fine for most people. Set it to null if
|
||||
you don't want to include any authority (or if you want to write a more
|
||||
fine-graned configuration manually)
|
||||
'';
|
||||
};
|
||||
|
||||
email = mkOption {
|
||||
|
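Review bot: The new description of the `ca` option in the last hunk does not say what `null` actually does: per the `if cfg.ca != null … else adaptedConfig` branch in the previous hunk, the whole generated TLS automation policy — including `email` — is left out, so `services.caddy.email` is silently ignored whenever `ca = null`. The wording "if you don't want to include any authority" also reads as if `null` means no certificates, but the module only stops injecting its own issuer; as far as I can tell Caddy's built-in automatic HTTPS and default issuers still apply unless the Caddyfile configures or disables TLS automation, so an operator using `null` to avoid ACME traffic may be surprised. I would extend the description with: `Setting this to null only stops this module from injecting an issuer policy (the email option is then ignored); Caddy's own automatic HTTPS defaults still apply unless you configure TLS automation in the Caddyfile.` Optionally, a `warnings` entry when `ca == null` and `email` is set would make the ignored option visible; the `email` option itself begins on the hunk's last line and its default is outside this view.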