From a0189a4c495da3c7945c42b56c5dae501206c268 Mon Sep 17 00:00:00 2001 From: "J. Konrad Tegtmeier-Rottach" Date: Mon, 8 Jun 2020 02:17:55 +0200 Subject: [PATCH 1/2] nixos/acme: add extraLegoFlags option --- nixos/modules/security/acme.nix | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/nixos/modules/security/acme.nix b/nixos/modules/security/acme.nix index 776ef07d716c..7b492a67b28e 100644 --- a/nixos/modules/security/acme.nix +++ b/nixos/modules/security/acme.nix @@ -150,6 +150,14 @@ let ''; }; + extraLegoFlags = mkOption { + type = types.listOf types.str; + default = []; + description = '' + Additional global flags to pass to all lego commands. + ''; + }; + extraLegoRenewFlags = mkOption { type = types.listOf types.str; default = []; @@ -308,7 +316,8 @@ in ++ optionals (data.dnsProvider != null && !data.dnsPropagationCheck) [ "--dns.disable-cp" ] ++ concatLists (mapAttrsToList (name: root: [ "-d" name ]) data.extraDomains) ++ (if data.dnsProvider != null then [ "--dns" data.dnsProvider ] else [ "--http" "--http.webroot" data.webroot ]) - ++ optionals (cfg.server != null || data.server != null) ["--server" (if data.server == null then cfg.server else data.server)]; + ++ optionals (cfg.server != null || data.server != null) ["--server" (if data.server == null then cfg.server else data.server)] + ++ data.extraLegoFlags; certOpts = optionals data.ocspMustStaple [ "--must-staple" ]; runOpts = escapeShellArgs (globalOpts ++ [ "run" ] ++ certOpts); renewOpts = escapeShellArgs (globalOpts ++ From 1719353619662f5fed705cc10f54834edb01bb38 Mon Sep 17 00:00:00 2001 From: "J. Konrad Tegtmeier-Rottach" Date: Mon, 8 Jun 2020 02:18:31 +0200 Subject: [PATCH 2/2] nixos/acme: add extraLegoRunFlags option --- nixos/modules/security/acme.nix | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/nixos/modules/security/acme.nix b/nixos/modules/security/acme.nix index 7b492a67b28e..6c26e39524c6 100644 --- a/nixos/modules/security/acme.nix +++ b/nixos/modules/security/acme.nix @@ -165,6 +165,14 @@ let Additional flags to pass to lego renew. ''; }; + + extraLegoRunFlags = mkOption { + type = types.listOf types.str; + default = []; + description = '' + Additional flags to pass to lego run. + ''; + }; }; }; @@ -319,7 +327,7 @@ in ++ optionals (cfg.server != null || data.server != null) ["--server" (if data.server == null then cfg.server else data.server)] ++ data.extraLegoFlags; certOpts = optionals data.ocspMustStaple [ "--must-staple" ]; - runOpts = escapeShellArgs (globalOpts ++ [ "run" ] ++ certOpts); + runOpts = escapeShellArgs (globalOpts ++ [ "run" ] ++ certOpts ++ data.extraLegoRunFlags); renewOpts = escapeShellArgs (globalOpts ++ [ "renew" "--days" (toString cfg.validMinDays) ] ++ certOpts ++ data.extraLegoRenewFlags);