feat: add dns.useStagingACME option

Used for testing environments, so we don't stumble upon ACME rate limits.
This commit is contained in:
Inex Code 2022-11-16 11:02:20 +03:00
parent 895a816ef5
commit 3dd8ff1821
3 changed files with 9 additions and 1 deletions

View file

@ -8,7 +8,10 @@ in
}; };
security.acme = { security.acme = {
acceptTerms = true; acceptTerms = true;
defaults = {
email = "${cfg.username}@${cfg.domain}"; email = "${cfg.username}@${cfg.domain}";
server = if cfg.dns.useStagingACME then "https://acme-staging-v02.api.letsencrypt.org/directory" else "https://acme-v02.api.letsencrypt.org/directory";
};
certs = lib.mkForce { certs = lib.mkForce {
"${cfg.domain}" = { "${cfg.domain}" = {
domain = "*.${cfg.domain}"; domain = "*.${cfg.domain}";

View file

@ -90,6 +90,10 @@ in
description = "DNS provider that was defined at the initial setup process. Default is ClOUDFLARE"; description = "DNS provider that was defined at the initial setup process. Default is ClOUDFLARE";
type = types.nullOr types.str; type = types.nullOr types.str;
}; };
useStagingACME = mkOption {
description = "Use staging ACME server. Default is false";
type = types.nullOr types.bool;
};
}; };
backup = { backup = {
bucket = mkOption { bucket = mkOption {

View file

@ -20,6 +20,7 @@ in
}; };
dns = { dns = {
provider = lib.attrsets.attrByPath [ "dns" "provider" ] "CLOUDFLARE" jsonData; provider = lib.attrsets.attrByPath [ "dns" "provider" ] "CLOUDFLARE" jsonData;
useStagingACME = lib.attrsets.attrByPath [ "dns" "useStagingACME" ] false jsonData;
}; };
backup = { backup = {
bucket = lib.attrsets.attrByPath [ "backup" "bucket" ] (lib.attrsets.attrByPath [ "backblaze" "bucket" ] "" jsonData) jsonData; bucket = lib.attrsets.attrByPath [ "backup" "bucket" ] (lib.attrsets.attrByPath [ "backblaze" "bucket" ] "" jsonData) jsonData;