Allow using existing ACME certificates

Add a certificate scheme for using an existing ACME certificate without
setting up Nginx.

Also use names instead of magic numbers for certificate schemes.
Naïm Favier 2023-02-15 13:15:09 +01:00 committed by lewo
parent 42c5564791
commit a948c49ca7
7 changed files with 49 additions and 35 deletions


@ -19,9 +19,9 @@
let
cfg = config.mailserver;
certificatesDeps =
if cfg.certificateScheme == 1 then
if cfg.certificateScheme == "manual" then
[]
else if cfg.certificateScheme == 2 then
else if cfg.certificateScheme == "selfsigned" then
[ "mailserver-selfsigned-certificate.service" ]
else
[ "acme-finished-${cfg.fqdn}.target" ];
@ -29,7 +29,7 @@ in
{
config = with cfg; lib.mkIf enable {
# Create self signed certificate
systemd.services.mailserver-selfsigned-certificate = lib.mkIf (cfg.certificateScheme == 2) {
systemd.services.mailserver-selfsigned-certificate = lib.mkIf (cfg.certificateScheme == "selfsigned") {
after = [ "local-fs.target" ];
script = ''
# Create certificates if they do not exist yet