Nikolay Amiantov
4fc0b4edca
acme service: generate a CA for self-signed certificate
...
This is needed because simp_le expects two certificates in fullchain.pem, leading to error:
> Not enough PEM encoded messages were found in fullchain.pem; at least 2 were expected, found 1.
We now create a CA and sign the key with it instead, providing correct fullchain.pem.
Also cleanup service a bit -- use PATH and a private temporary directory (which
is more suitable).
2018-04-17 12:53:29 +03:00
Wout Mertens
527e97f333
acme module: update for simp_le v0.8
...
Hopefully fixes #37689
2018-03-24 17:43:32 +01:00
Robert Schütz
b5ecdfa977
nixos/acme: Fix xml ( #34683 )
2018-02-06 23:27:28 +00:00
Joachim Schiele
edeacd00ad
security.acme: default name value via module system ( #34388 )
2018-02-06 21:08:57 +00:00
zimbatm
1276a3b12a
nixos/acme: configurable TOS hash ( #33522 )
...
This hash tends to change and upstream simp_le doesn't seem to keep up
with the changes.
2018-01-11 14:19:15 +00:00
Pierre-Etienne Meunier
538acd9060
ACME module: add server option ( #31122 )
2017-11-02 11:10:47 +01:00
Bjørn Forsman
6a55fda61e
nixos/acme: improve documentation
...
* Use literalExample for better readability
* Clarify a bit wrt. 'webroot' and 'allowKeysForGroup'
2017-06-09 19:35:17 +02:00
Bjørn Forsman
7a0e958b97
nixos/acme: support "full.pem" (for lighttpd)
...
* Create "full.pem" from selfsigned certificate
* Tell simp_le to create "full.pem"
* Inject service dependency between lighttpd and the generation of certificates
Side note: According to the internet these servers also use the
"full.pem" format: pound, ejabberd, pure-ftpd.
2017-06-09 19:35:17 +02:00
lassulus
fd7a8f1b91
nixos/security/acme: fix acme folder permissions
2017-05-11 18:49:26 +02:00
edanaher
e3559c23c2
acme: Add "domain" option to separate domain from name
...
Fixes #24731 .
2017-04-11 18:28:05 +02:00
Niklas Hambüchen
ee0f3e7ad9
acme: Use chown -R
for challenges directory. Fixes #24529 .
...
Commit 75f131da02
added
`chown 'nginx:nginx' '/var/lib/acme'` to the pre-start script,
but since it doesn't use `chown -R`, it is possible that there
are older existing subdirs (like `acme-challenge`)
that are owned to `root` from before that commit went it.
2017-04-01 15:22:01 +02:00
Franz Pletz
fb50cde71e
nixos/treewide: systemd.time is in manvolume 7
...
cc #23396
2017-03-21 08:28:53 +01:00
Joachim F
6dbe55ca68
Merge pull request #20456 from ericsagnes/feat/loaf-dep-1
...
Use attrsOf in place of loaOf when relevant
2017-02-19 15:49:25 +01:00
Franz Pletz
516760a6fb
nixos/acme: add random delay to timer
...
This way we behave like good citizens and won't overload Let's Encrypt
with lots of cert renewal requests at the same time.
2017-01-25 19:15:04 +01:00
Domen Kožar
75f131da02
acme: ensure nginx challenges directory is writeable
2016-11-29 15:56:01 +01:00
Eric Sagnes
e5b7975fe3
acme module: certs option loaOf -> attrsOf
2016-11-16 16:28:27 +09:00
Ricardo M. Correia
1623476904
nixos.acme: make timer persistent
...
This makes sure that if the system was powered off when the timer was
supposed to trigger, it will run the next time the system boots up.
2016-10-03 19:31:42 +02:00
Eric Sagnes
3acf336f15
acme module: optionSet -> submodule
2016-09-13 12:53:09 +09:00
Alexander Ried
7f98dca782
security.acme: the client really needs networking
...
Actually this can be improved since the client only needs network
connectivity if it needs to renew the certificate.
2016-09-06 17:47:00 +02:00
Eric Sagnes
4cdfeb78f9
modules: move meta at top level
2016-08-11 00:29:48 +09:00
zimbatm
28fa4a2f03
Escape all shell arguments uniformly
2016-06-12 18:11:37 +01:00
Bob van der Linden
4e6697dcb6
acme: added option security.acme.preliminarySelfsigned
( #15562 )
2016-06-01 11:39:46 +01:00
Eelco Dolstra
0c5e837b66
acme.nix: Fix unit descriptions
...
Unit descriptions should be capitalized, and timer units don't have
to describe that they're timers.
2016-04-18 14:20:49 +02:00
tg(x)
629a89343e
simp_le: external_pem.sh plugin is now called external.sh
2016-02-26 01:31:58 +01:00
Nikolay Amiantov
c420a6f1ef
acme service: update plugins enum
2016-02-10 02:06:01 +03:00
Domen Kožar
7fe7138968
nixos: fix acme service @abbradar
2016-01-12 11:50:34 +01:00
Nikolay Amiantov
f92cec4c1b
nixos/acme: add allowKeysForGroup
2016-01-10 07:28:19 +03:00
Nikolay Amiantov
5250582396
nixos/acme: fix timer unit
2015-12-13 17:01:59 +03:00
Franz Pletz
1685b9d06e
nixos/acme: Add module documentation
2015-12-12 16:06:53 +01:00
Franz Pletz
9374ddb895
nixos/acme: validMin & renewInterval aren't cert-specific
2015-12-12 16:06:53 +01:00
Franz Pletz
0517d59a66
nixos/acme: Improve documentation
2015-12-12 16:06:52 +01:00
Franz Pletz
de24b00d41
nixos/simp_le: Rename to security.acme
2015-12-12 16:06:52 +01:00