acme: Add new option acmeCertificateName

Allow the user to specify the name of the ACME configuration that the mailserver should use. This allows users that request certificates that aren't the FQDN of the mailserver, for example a wildcard certificate.
2023-06-28 20:42:37 +01:00 · 2023-06-28 20:42:37 +01:00 · 46a0829aa8
commit 46a0829aa8
parent 41059fc548
4 changed files with 22 additions and 4 deletions
--- a/mail-server/common.nix
+++ b/mail-server/common.nix
@ -26,7 +26,7 @@ in
             else if cfg.certificateScheme == "selfsigned"
                  then "${cfg.certificateDirectory}/cert-${cfg.fqdn}.pem"
                  else if cfg.certificateScheme == "acme" || cfg.certificateScheme == "acme-nginx"
-                       then "${config.security.acme.certs.${cfg.fqdn}.directory}/fullchain.pem"
+                       then "${config.security.acme.certs.${cfg.acmeCertificateName}.directory}/fullchain.pem"
                       else throw "unknown certificate scheme";

  # key :: PATH
@ -35,7 +35,7 @@ in
        else if cfg.certificateScheme == "selfsigned"
             then "${cfg.certificateDirectory}/key-${cfg.fqdn}.pem"
              else if cfg.certificateScheme == "acme" || cfg.certificateScheme == "acme-nginx"
-                   then "${config.security.acme.certs.${cfg.fqdn}.directory}/key.pem"
+                   then "${config.security.acme.certs.${cfg.acmeCertificateName}.directory}/key.pem"
                   else throw "unknown certificate scheme";

  passwordFiles = let