2025-07-06 01:16:28 +03:00
|
|
|
{ config, lib, ... }:
|
|
|
|
|
let
|
2025-07-06 03:22:09 +03:00
|
|
|
cfg = config.custom.services.certStoreClient;
|
2025-07-06 01:16:28 +03:00
|
|
|
in
|
|
|
|
|
{
|
|
|
|
|
options = {
|
2025-07-06 03:22:09 +03:00
|
|
|
custom.services.certStoreClient.enable = lib.mkOption {
|
2025-07-06 01:16:28 +03:00
|
|
|
type = lib.types.bool;
|
|
|
|
|
default = false;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
services.nginx.virtualHosts = lib.mkOption {
|
|
|
|
|
type = lib.types.attrsOf (
|
|
|
|
|
lib.types.submodule {
|
|
|
|
|
config = lib.mkIf cfg.enable (
|
|
|
|
|
lib.mkDefault {
|
|
|
|
|
sslCertificate = config.sops.secrets.cert-fullchain.path;
|
|
|
|
|
sslCertificateKey = config.sops.secrets.cert-key.path;
|
|
|
|
|
}
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
);
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
config = lib.mkIf cfg.enable {
|
|
|
|
|
sops = {
|
|
|
|
|
secrets = {
|
|
|
|
|
cert-fullchain = {
|
|
|
|
|
sopsFile = ../../../secrets/cert.yaml;
|
|
|
|
|
restartUnits = [ "nginx.service" ];
|
|
|
|
|
owner = config.services.nginx.user;
|
|
|
|
|
group = config.services.nginx.user;
|
|
|
|
|
};
|
|
|
|
|
cert-key = {
|
|
|
|
|
sopsFile = ../../../secrets/cert.yaml;
|
|
|
|
|
restartUnits = [ "nginx.service" ];
|
|
|
|
|
owner = config.services.nginx.user;
|
|
|
|
|
group = config.services.nginx.user;
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
}
|
