author | zimbatm <zimbatm@zimbatm.com> | 2018-01-11 14:19:15 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-01-11 14:19:15 +0000 |
commit | 1276a3b12aa0fa3ad5e52cce2dafe75ac5599a92 (patch) | |
tree | 03a96ae537ad9a1db69c3d77d1adb19927d65e8c /nixos | |
parent | 8d12c26e3488309a01f653896a4a07292a17f0f2 (diff) |
nixos/acme: configurable TOS hash (#33522)
This hash tends to change and upstream simp_le doesn't seem to keep up with the changes.
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/security/acme.nix | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/nixos/modules/security/acme.nix b/nixos/modules/security/acme.nix
index fb011019f7f54..5940f471883c3 100644
--- a/nixos/modules/security/acme.nix
+++ b/nixos/modules/security/acme.nix
@@ -139,6 +139,14 @@ in
 '';
 };
+ tosHash = mkOption {
+ type = types.string;
+ default = "cc88d8d9517f490191401e7b54e9ffd12a2b9082ec7a1d4cec6101f9f1647e7b";
+ description = ''
+ SHA256 of the Terms of Services document. This changes once in a while.
+ '';
+ };
+
 production = mkOption {
 type = types.bool;
 default = true;
@@ -188,7 +196,7 @@ in
 domain = if data.domain != null then data.domain else cert;
 cpath = "${cfg.directory}/${cert}";
 rights = if data.allowKeysForGroup then "750" else "700";
- cmdline = [ "-v" "-d" domain "--default_root" data.webroot "--valid_min" cfg.validMin ]
+ cmdline = [ "-v" "-d" domain "--default_root" data.webroot "--valid_min" cfg.validMin "--tos_sha256" cfg.tosHash ]
 ++ optionals (data.email != null) [ "--email" data.email ]
 ++ concatMap (p: [ "-f" p ]) data.plugins
 ++ concatLists (mapAttrsToList (name: root: [ "-d" (if root == null then name else "${name}:${root}")]) data.extraDomains) |
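Review bot: `tosHash` in the first hunk is declared with `types.string`, which merges multiple definitions by concatenating them, so two modules setting the option would silently produce a value that is no longer a valid digest. `type = types.str;` makes conflicting definitions an evaluation error, and `types.strMatching "[0-9a-f]{64}"` would additionally reject a mistyped hash before the service ever runs. The description should also state that this is the agreement version the module accepts on the operator's behalf, for example `SHA256 of the CA's Terms of Service document that simp_le will agree to; review the document before updating this value.`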
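Review bot: In the second hunk the `"--tos_sha256" cfg.tosHash` pair is appended to `cmdline` unconditionally, so once the pinned default goes stale every renewal run presumably fails until the option is updated, and nothing in the module says so. A comment above the list would record the intent, e.g. `# --tos_sha256 pins the agreement version; renewals fail when the CA publishes a new one until cfg.tosHash is updated`. Operators should alert on failures of the renewal unit so an outdated hash is noticed before certificates expire. The bindings around `cmdline` start and end outside the hunk.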