...

author: Gregor Kleen <gkleen@yggdrasil.li> 2022-01-31 17:52:33 +0100
committer: Gregor Kleen <gkleen@yggdrasil.li> 2022-01-31 17:52:33 +0100
commit: 0eacd61dfbda6aed732e0d196fd8fe3d97bdcf63 (patch)
tree: f9344e18bf0da6295dbe79fc85f5cdcfac6fbd1f /hosts/surtr/tls.nix
parent: 8a53478d3d43940736e936244d24bd47d5a3788c (diff)
download: nixos-0eacd61dfbda6aed732e0d196fd8fe3d97bdcf63.tar
nixos-0eacd61dfbda6aed732e0d196fd8fe3d97bdcf63.tar.gz
nixos-0eacd61dfbda6aed732e0d196fd8fe3d97bdcf63.tar.bz2
nixos-0eacd61dfbda6aed732e0d196fd8fe3d97bdcf63.tar.xz
nixos-0eacd61dfbda6aed732e0d196fd8fe3d97bdcf63.zip
1 files changed, 5 insertions, 1 deletions
diff --git a/hosts/surtr/tls.nix b/hosts/surtr/tls.nix
index 53fe1e5e..17de1319 100644
--- a/hosts/surtr/tls.nix
+++ b/hosts/surtr/tls.nix
@@ -60,6 +60,10 @@ let
        type = types.nullOr types.str;
        default = null;
      };
+      certCfg = mkOption {
+        type = types.attrs;
+        default = {};
+      };
    };
  };
 in {
@@ -93,7 +97,7 @@ in {
            credentialsFile = knotDNSCredentials domain;
            dnsResolver = "1.1.1.1:53";
            keyType = "rsa4096"; # we don't like NIST curves
-          };
+          } // cfg.domains.${domain}.certCfg;
        in genAttrs (attrNames cfg.domains) domainAttrset;
    };
author	Gregor Kleen <gkleen@yggdrasil.li>	2022-01-31 17:52:33 +0100
committer	Gregor Kleen <gkleen@yggdrasil.li>	2022-01-31 17:52:33 +0100
commit	0eacd61dfbda6aed732e0d196fd8fe3d97bdcf63 (patch)
tree	f9344e18bf0da6295dbe79fc85f5cdcfac6fbd1f /hosts/surtr/tls.nix
parent	8a53478d3d43940736e936244d24bd47d5a3788c (diff)
download	nixos-0eacd61dfbda6aed732e0d196fd8fe3d97bdcf63.tar nixos-0eacd61dfbda6aed732e0d196fd8fe3d97bdcf63.tar.gz nixos-0eacd61dfbda6aed732e0d196fd8fe3d97bdcf63.tar.bz2 nixos-0eacd61dfbda6aed732e0d196fd8fe3d97bdcf63.tar.xz nixos-0eacd61dfbda6aed732e0d196fd8fe3d97bdcf63.zip