authordatafoo <34766150+datafoo@users.noreply.github.com>2023-07-21 16:01:48 +0200
committerAnderson Torres <torres.anderson.85@protonmail.com>2023-09-11 16:34:20 +0000
commitade414b6c7b9b5fe5cf69d4a1508973f7f4787f0 (patch)
tree793e94cb5627f74fb6bf50d98c2f60d67b278aa4
parent5f105f87787b15a4f7179b6414b9fbe4063e34da (diff)
nixos/acme: rename option credentialsFile to environmentFile
-rw-r--r--nixos/modules/security/acme/default.md4
-rw-r--r--nixos/modules/security/acme/default.nix12
-rw-r--r--nixos/tests/acme.nix2
3 files changed, 11 insertions, 7 deletions
diff --git a/nixos/modules/security/acme/default.md b/nixos/modules/security/acme/default.md
index 8ff97b55f6856..31548ad181a73 100644
--- a/nixos/modules/security/acme/default.md
+++ b/nixos/modules/security/acme/default.md
@@ -189,7 +189,7 @@ security.acme.defaults.email = "admin+acme@example.com";
 security.acme.certs."example.com" = {
   domain = "*.example.com";
   dnsProvider = "rfc2136";
-  credentialsFile = "/var/lib/secrets/certs.secret";
+  environmentFile = "/var/lib/secrets/certs.secret";
   # We don't need to wait for propagation since this is a local DNS server
   dnsPropagationCheck = false;
 };
@@ -256,7 +256,7 @@ security.acme.acceptTerms = true;
 security.acme.defaults.email = "admin+acme@example.com";
 security.acme.defaults = {
   dnsProvider = "rfc2136";
-  credentialsFile = "/var/lib/secrets/certs.secret";
+  environmentFile = "/var/lib/secrets/certs.secret";
   # We don't need to wait for propagation since this is a local DNS server
   dnsPropagationCheck = false;
 };
diff --git a/nixos/modules/security/acme/default.nix b/nixos/modules/security/acme/default.nix
index 94fd77b23bb64..92bed172f4522 100644
--- a/nixos/modules/security/acme/default.nix
+++ b/nixos/modules/security/acme/default.nix
@@ -362,8 +362,8 @@ let
           "/var/lib/acme/.lego/${cert}/${certDir}:/tmp/certificates"
         ];
 
-        # Only try loading the credentialsFile if the dns challenge is enabled
-        EnvironmentFile = mkIf useDns data.credentialsFile;
+        # Only try loading the environmentFile if the dns challenge is enabled
+        EnvironmentFile = mkIf useDns data.environmentFile;
 
         Environment = mkIf useDns
           (mapAttrsToList (k: v: ''"${k}=%d/${k}"'') data.credentialFiles);
@@ -502,6 +502,10 @@ let
       defaultText = if isDefaults then default else literalExpression "config.security.acme.defaults.${name}";
     };
   in {
+    imports = [
+      (mkRenamedOptionModule [ "credentialsFile" ] [ "environmentFile" ])
+    ];
+
     options = {
       validMinDays = mkOption {
         type = types.int;
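Review bot: The compatibility alias added under `imports` is not exercised anywhere in this commit, because the only test reference in nixos/tests/acme.nix is switched to the new name. If the alias stopped forwarding an old `credentialsFile` definition to the unit's `EnvironmentFile`, DNS-01 renewals would presumably lose their provider credentials without any test failing. Consider keeping one test certificate on the old name, and marking the import with a comment such as `# Deprecated alias for environmentFile; existing configs rely on it to load DNS provider secrets`. The diffstat lists only the module, its documentation and the test, so a release-notes entry for the rename may also be missing. The submodule body continues outside the hunk.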
@@ -613,9 +617,9 @@ let
         '';
       };
 
-      credentialsFile = mkOption {
+      environmentFile = mkOption {
         type = types.nullOr types.path;
-        inherit (defaultAndText "credentialsFile" null) default defaultText;
+        inherit (defaultAndText "environmentFile" null) default defaultText;
         description = lib.mdDoc ''
           Path to an EnvironmentFile for the cert's service containing any required and
           optional environment variables for your selected dnsProvider.
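Review bot: The description of `environmentFile` should state that the file normally holds DNS provider secrets, since the new name no longer hints at credentials the way `credentialsFile` did. With `types.nullOr types.path`, an unquoted Nix path literal is also accepted, and that would copy the file into the world-readable Nix store. The visible description lines do not warn about either point, though the description continues outside the hunk. A sentence such as `This file usually contains API secrets; pass it as a string path outside the Nix store and keep its permissions restrictive.` would cover both.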
diff --git a/nixos/tests/acme.nix b/nixos/tests/acme.nix
index f255c655bffc7..e5f2d4c7934a1 100644
--- a/nixos/tests/acme.nix
+++ b/nixos/tests/acme.nix
@@ -18,7 +18,7 @@
   dnsConfig = nodes: {
     dnsProvider = "exec";
     dnsPropagationCheck = false;
-    credentialsFile = pkgs.writeText "wildcard.env" ''
+    environmentFile = pkgs.writeText "wildcard.env" ''
       EXEC_PATH=${dnsScript nodes}
       EXEC_POLLING_INTERVAL=1
       EXEC_PROPAGATION_TIMEOUT=1