aither/simple-nixos-mailserver
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Allow using existing ACME certificates

Browse Source 
Add a certificate scheme for using an existing ACME certificate without
setting up Nginx.

Also use names instead of magic numbers for certificate schemes.
This commit is contained in:
Naïm Favier
2023-02-15 13:15:09 +01:00
committed by lewo
parent 42c5564791
commit a948c49ca7
7 changed files with 49 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
mail-server/systemd.nix
View File

@@ -19,9 +19,9 @@
let
cfg = config.mailserver;
certificatesDeps =
if cfg.certificateScheme == 1 then
if cfg.certificateScheme == "manual" then
[]
else if cfg.certificateScheme == 2 then
else if cfg.certificateScheme == "selfsigned" then
[ "mailserver-selfsigned-certificate.service" ]
else
[ "acme-finished-${cfg.fqdn}.target" ];
@@ -29,7 +29,7 @@ in
{
config = with cfg; lib.mkIf enable {
# Create self signed certificate
systemd.services.mailserver-selfsigned-certificate = lib.mkIf (cfg.certificateScheme == 2) {
systemd.services.mailserver-selfsigned-certificate = lib.mkIf (cfg.certificateScheme == "selfsigned") {
after = [ "local-fs.target" ];
script = ''
# Create certificates if they do not exist yet