Allow using existing ACME certificates

Add a certificate scheme for using an existing ACME certificate without setting up Nginx. Also use names instead of magic numbers for certificate schemes.
2023-02-15 13:15:09 +01:00 · 2023-02-15 13:15:09 +01:00 · a948c49ca7
commit a948c49ca7
parent 42c5564791
7 changed files with 49 additions and 35 deletions
--- a/mail-server/nginx.nix
+++ b/mail-server/nginx.nix
@ -24,8 +24,8 @@ let
  acmeRoot = "/var/lib/acme/acme-challenge";
 in
 {
-  config = lib.mkIf (cfg.enable && cfg.certificateScheme == 3) {
-    services.nginx = {
+  config = lib.mkIf (cfg.enable && (cfg.certificateScheme == "acme" || cfg.certificateScheme == "acme-nginx")) {
+    services.nginx = lib.mkIf (cfg.certificateScheme == "acme-nginx") {
      enable = true;
      virtualHosts."${cfg.fqdn}" = {
        serverName = cfg.fqdn;