| security.acme.acceptTerms | Accept the CA's terms of service
|
| security.acme.useRoot | Whether to use the root user when generating certs
|
| security.acme.certs | Attribute set of certificates to get signed and renewed
|
| security.acme.defaults | Default values inheritable by all configured certs
|
| services.syncplay.useACMEHost | If set, use NixOS-generated ACME certificate with the specified name for TLS
|
| security.acme.maxConcurrentRenewals | Maximum number of concurrent certificate generation or renewal jobs
|
| security.acme.preliminarySelfsigned | Whether a preliminary self-signed certificate should be generated before doing ACME requests
|
| security.acme.certs.<name>.inheritDefaults | Whether to inherit values set in security.acme.defaults or not.
|
| security.acme.certs.<name>.csr | Path to a certificate signing request to apply when fetching the certificate.
|
| security.acme.certs.<name>.csrKey | Path to the private key to the matching certificate signing request.
|
| security.acme.certs.<name>.group | Group running the ACME client.
|
| security.acme.certs.<name>.keyType | Key type to use for private keys
|
| security.acme.certs.<name>.postRun | Commands to run after new certificates go live
|
| security.acme.certs.<name>.email | Email address for account creation and correspondence from the CA
|
| security.acme.certs.<name>.domain | Domain to fetch certificate for (defaults to the entry name).
|
| security.acme.certs.<name>.validMinDays | Minimum remaining validity before renewal in days.
|
| security.acme.certs.<name>.s3Bucket | S3 bucket name to use for HTTP-01 based challenges
|
| security.acme.defaults.group | Group running the ACME client.
|
| security.acme.certs.<name>.profile | The certificate profile to choose if the CA offers multiple profiles.
|
| security.acme.certs.<name>.server | ACME Directory Resource URI
|
| security.acme.certs.<name>.extraLegoFlags | Additional global flags to pass to all lego commands.
|
| security.acme.defaults.keyType | Key type to use for private keys
|
| security.acme.certs.<name>.listenHTTP | Interface and port to listen on to solve HTTP challenges in the form [INTERFACE]:PORT
|
| security.acme.defaults.postRun | Commands to run after new certificates go live
|
| security.acme.certs.<name>.extraLegoRunFlags | Additional flags to pass to lego run.
|
| security.acme.defaults.email | Email address for account creation and correspondence from the CA
|
| security.acme.certs.<name>.ocspMustStaple | Turns on the OCSP Must-Staple TLS extension
|
| security.acme.certs.<name>.webroot | Where the webroot of the HTTP vhost is located. .well-known/acme-challenge/ directory will be created below the webroot if it doesn't exist. http://example.org/.well-known/acme-challenge/ must also be available (notice unencrypted HTTP).
|
| security.acme.certs.<name>.enableDebugLogs | Whether to enable debug logging for this certificate.
|
| security.acme.defaults.validMinDays | Minimum remaining validity before renewal in days.
|
| security.acme.certs.<name>.extraLegoRenewFlags | Additional flags to pass to lego renew.
|
| security.acme.certs.<name>.extraDomainNames | A list of extra domain names, which are included in the one certificate to be issued.
|
| security.acme.defaults.profile | The certificate profile to choose if the CA offers multiple profiles.
|
| security.acme.defaults.server | ACME Directory Resource URI
|
| security.acme.certs.<name>.dnsProvider | DNS Challenge provider
|
| security.acme.defaults.extraLegoFlags | Additional global flags to pass to all lego commands.
|
| security.acme.certs.<name>.directory | Directory where certificate and other state is stored.
|
| security.acme.certs.<name>.dnsResolver | Set the resolver to use for performing recursive DNS queries
|
| security.acme.defaults.listenHTTP | Interface and port to listen on to solve HTTP challenges in the form [INTERFACE]:PORT
|
| security.acme.defaults.extraLegoRunFlags | Additional flags to pass to lego run.
|
| security.acme.certs.<name>.renewInterval | Systemd calendar expression when to check for renewal
|
| security.acme.defaults.ocspMustStaple | Turns on the OCSP Must-Staple TLS extension
|
| security.acme.defaults.enableDebugLogs | Whether to enable debug logging for this certificate.
|
| security.acme.defaults.webroot | Where the webroot of the HTTP vhost is located. .well-known/acme-challenge/ directory will be created below the webroot if it doesn't exist. http://example.org/.well-known/acme-challenge/ must also be available (notice unencrypted HTTP).
|
| security.acme.defaults.extraLegoRenewFlags | Additional flags to pass to lego renew.
|
| security.acme.certs.<name>.reloadServices | The list of systemd services to call systemctl try-reload-or-restart on.
|
| security.acme.defaults.dnsProvider | DNS Challenge provider
|
| security.acme.defaults.dnsResolver | Set the resolver to use for performing recursive DNS queries
|
| security.acme.defaults.renewInterval | Systemd calendar expression when to check for renewal
|
| security.acme.defaults.reloadServices | The list of systemd services to call systemctl try-reload-or-restart on.
|
| security.acme.certs.<name>.credentialFiles | Environment variables suffixed by "_FILE" to set for the cert's service for your selected dnsProvider
|
| security.acme.certs.<name>.environmentFile | Path to an EnvironmentFile for the cert's service containing any required and optional environment variables for your selected dnsProvider
|
| security.acme.certs.<name>.dnsPropagationCheck | Toggles lego DNS propagation check, which is used alongside DNS-01 challenge to ensure the DNS entries required are available.
|
| security.acme.defaults.credentialFiles | Environment variables suffixed by "_FILE" to set for the cert's service for your selected dnsProvider
|
| security.acme.defaults.environmentFile | Path to an EnvironmentFile for the cert's service containing any required and optional environment variables for your selected dnsProvider
|
| security.acme.defaults.dnsPropagationCheck | Toggles lego DNS propagation check, which is used alongside DNS-01 challenge to ensure the DNS entries required are available.
|
| services.movim.h2o.acme.useHost | An existing Let’s Encrypt certificate to use for this virtual host
|
| services.h2o.hosts.<name>.acme.useHost | An existing Let’s Encrypt certificate to use for this virtual host
|
| services.dolibarr.h2o.acme.useHost | An existing Let’s Encrypt certificate to use for this virtual host
|
| services.reposilite.useACMEHost | Host of an existing Let's Encrypt certificate to use for SSL
|
| services.doh-server.useACMEHost | A host of an existing Let's Encrypt certificate to use. Note that this option does not create any certificates, nor does it add subdomains to existing ones – you will need to create them manually using security.acme.certs.
|
| services.davis.nginx.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| services.movim.nginx.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| services.slskd.nginx.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| services.snipe-it.nginx.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| services.akkoma.nginx.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| services.gancio.nginx.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| services.fluidd.nginx.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| services.matomo.nginx.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| services.monica.nginx.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| services.portunus.ldap.tls | Whether to enable LDAPS protocol
|
| services.librespeed.useACMEHost | Use a certificate generated by the NixOS ACME module for the given host
|
| services.wstunnel.servers.<name>.useACMEHost | Use a certificate generated by the NixOS ACME module for the given host
|
| services.radicle.httpd.nginx.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| services.librenms.nginx.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| services.kanboard.nginx.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| services.agorakit.nginx.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| services.dolibarr.nginx.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| services.fediwall.nginx.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| services.pixelfed.nginx.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| services.mainsail.nginx.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| services.moodle.virtualHost.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| services.nagios.virtualHost.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| services.caddy.virtualHosts.<name>.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| services.anuko-time-tracker.nginx.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| services.bookstack.nginx.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| services.httpd.virtualHosts.<name>.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| services.nginx.virtualHosts.<name>.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| services.zabbixWeb.httpd.virtualHost.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| services.zabbixWeb.nginx.virtualHost.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| services.jirafeau.nginxConfig.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| services.drupal.sites.<name>.virtualHost.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| services.fedimintd.<name>.nginx.config.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| services.mediawiki.httpd.virtualHost.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| services.limesurvey.virtualHost.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| services.wordpress.sites.<name>.virtualHost.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| services.limesurvey.nginx.virtualHost.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| services.limesurvey.httpd.virtualHost.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| services.misskey.reverseProxy.webserver.caddy.useACMEHost | A host of an existing Let's Encrypt certificate to use
|
| services.misskey.reverseProxy.webserver.nginx.useACMEHost | A host of an existing Let's Encrypt certificate to use
|