SebastianStork/nixos-config
1
0
Fork 0
mirror of https://github.com/SebastianStork/nixos-config.git synced 2026-03-22 11:59:08 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

caddy: Ensure acme certs before start

Browse source
This commit is contained in:
SebastianStork 2026-03-18 15:53:45 +01:00
parent fa06bbe9ce
commit b554146792
Signed by: SebastianStork
SSH key fingerprint: SHA256:tRrGdjYOwgHxpSc/wTOZQZEjxcb15P0tyXRsbAfd+2Q
1 changed files with 12 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

18
modules/nixos/services/caddy.nix
View file

@ -13,6 +13,12 @@ let
publicHostsExist = virtualHosts |> lib.any (vHost: (!self.lib.isPrivateDomain vHost.domain));
privateHostsExist = virtualHosts |> lib.any (vHost: self.lib.isPrivateDomain vHost.domain);
privateDomains =
virtualHosts
|> lib.filter (vHost: self.lib.isPrivateDomain vHost.domain)
|> lib.map (vHost: vHost.domain)
|> lib.unique;
mkVirtualHost =
{
domain,
@ -138,11 +144,7 @@ in
reloadServices = [ "caddy.service" ];
};
certs =
virtualHosts
|> lib.filter (host: self.lib.isPrivateDomain host.domain)
|> lib.map (host: lib.nameValuePair host.domain { })
|> lib.listToAttrs;
certs = privateDomains |> lib.map (domain: lib.nameValuePair domain { }) |> lib.listToAttrs;
};
services.nebula.networks.mesh.firewall.inbound = [
@ -160,7 +162,11 @@ in
systemd.services.caddy = {
requires = [ netCfg.overlay.systemdUnit ];
after = [ netCfg.overlay.systemdUnit ];
wants = privateDomains |> lib.map (domain: "acme-${domain}.service");
after = [
netCfg.overlay.systemdUnit
]
++ (privateDomains |> lib.map (domain: "acme-${domain}.service"));
};
custom.persistence.directories = [ "/var/lib/acme" ];