acme: Don't attempt to get certs if the domain is wrong
This commit is contained in:
parent
88494da98b
commit
be67bc49bb
|
@ -138,7 +138,6 @@
|
|||
recommendedGzipSettings = true;
|
||||
recommendedProxySettings = true;
|
||||
clientMaxBodySize = "10G";
|
||||
domain = "tlater.net";
|
||||
|
||||
statusPage = true; # For metrics, should be accessible only from localhost
|
||||
|
||||
|
|
|
@ -10,6 +10,8 @@
|
|||
# TODO(tlater): See if would be useful for anything?
|
||||
boot.kernelParams = ["nosgx"];
|
||||
|
||||
services.nginx.domain = "116.202.158.55";
|
||||
|
||||
systemd.network.networks."eth0" = {
|
||||
matchConfig.MACAddress = "90:1b:0e:c1:8c:62";
|
||||
|
||||
|
|
|
@ -6,6 +6,8 @@
|
|||
# Required for the lish console
|
||||
boot.kernelParams = ["console=ttyS0,19200n8"];
|
||||
|
||||
services.nginx.domain = "tlater.net";
|
||||
|
||||
boot.loader = {
|
||||
# Timeout to allow lish to connect
|
||||
timeout = 10;
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
|
||||
# Sets the base domain for nginx to localhost so that we
|
||||
# can easily test locally with the VM.
|
||||
services.nginx.domain = lib.mkOverride 99 "localhost";
|
||||
services.nginx.domain = "localhost";
|
||||
|
||||
# Use the staging secrets
|
||||
sops.defaultSopsFile = lib.mkOverride 99 ../../keys/staging.yaml;
|
||||
|
|
|
@ -1,8 +1,23 @@
|
|||
{lib, ...}: let
|
||||
inherit (lib) mkOption types;
|
||||
in {
|
||||
{
|
||||
pkgs,
|
||||
config,
|
||||
lib,
|
||||
...
|
||||
}: {
|
||||
options.services.nginx.domain = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
description = "The base domain name to append to virtual domain names";
|
||||
};
|
||||
|
||||
config = {
|
||||
# Don't attempt to run acme if the domain name is not tlater.net
|
||||
systemd.services = let
|
||||
confirm = ''[[ "tlater.net" = ${config.services.nginx.domain} ]]'';
|
||||
in
|
||||
lib.mapAttrs' (cert: _:
|
||||
lib.nameValuePair "acme-${cert}" {
|
||||
serviceConfig.ExecCondition = ''${pkgs.runtimeShell} -c '${confirm}' '';
|
||||
})
|
||||
config.security.acme.certs;
|
||||
};
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue