services.certmgr.specs

Certificate specs as described by: https://github.com/cloudflare/certmgr#certificate-specs These will be added to the Nix store, so they will be world readable.

Type

attribute set of (absolute path or (submodule))

Default

{ }

Example

{
  exampleCert =
  let
    domain = "example.com";
    secret = name: "/var/lib/secrets/${name}.pem";
  in {
    service = "nginx";
    action = "reload";
    authority = {
      file.path = secret "ca";
    };
    certificate = {
      path = secret domain;
    };
    private_key = {
      owner = "root";
      group = "root";
      mode = "0600";
      path = secret "${domain}-key";
    };
    request = {
      CN = domain;
      hosts = [ "mail.${domain}" "www.${domain}" ];
      key = {
        algo = "rsa";
        size = 2048;
      };
      names = {
        O = "Example Organization";
        C = "USA";
      };
    };
  };
  otherCert = "/var/certmgr/specs/other-cert.json";
}

Declared

<nixpkgs/nixos/modules/services/security/certmgr.nix>