feat: add dns.useStagingACME option

Used for testing environments, so we don't stumble upon ACME rate limits.
2024-11-21 19:41:26 +00:00 · 2022-11-16 11:02:20 +03:00 · 2022-11-16 11:02:20 +03:00 · 3dd8ff1821
parent 895a816ef5
commit 3dd8ff1821
3 changed files with 9 additions and 1 deletions
--- a/letsencrypt/acme.nix
+++ b/letsencrypt/acme.nix
@ -8,7 +8,10 @@ in
  };
  security.acme = {
    acceptTerms = true;
-    email = "${cfg.username}@${cfg.domain}";
+    defaults = {
+      email = "${cfg.username}@${cfg.domain}";
+      server = if cfg.dns.useStagingACME then "https://acme-staging-v02.api.letsencrypt.org/directory" else "https://acme-v02.api.letsencrypt.org/directory";
+    };
    certs = lib.mkForce {
      "${cfg.domain}" = {
        domain = "*.${cfg.domain}";
--- a/variables-module.nix
+++ b/variables-module.nix
@ -90,6 +90,10 @@ in
        description = "DNS provider that was defined at the initial setup process. Default is ClOUDFLARE";
        type = types.nullOr types.str;
      };
+      useStagingACME = mkOption {
+        description = "Use staging ACME server. Default is false";
+        type = types.nullOr types.bool;
+      };
    };
    backup = {
      bucket = mkOption {
--- a/variables.nix
+++ b/variables.nix
@ -20,6 +20,7 @@ in
    };
    dns = {
      provider = lib.attrsets.attrByPath [ "dns" "provider" ] "CLOUDFLARE" jsonData;
+      useStagingACME = lib.attrsets.attrByPath [ "dns" "useStagingACME" ] false jsonData;
    };
    backup = {
      bucket = lib.attrsets.attrByPath [ "backup" "bucket" ] (lib.attrsets.attrByPath [ "backblaze" "bucket" ] "" jsonData) jsonData;