commit 6a55fda61e899092a7c73b6b004783bbf1a73773 · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs

lol

fork atom

nixos/acme: improve documentation

* Use literalExample for better readability
* Clarify a bit wrt. 'webroot' and 'allowKeysForGroup'

Bjørn Forsman 8 years ago 6a55fda6 7a0e958b

+24 -17

1 changed file

expand all

unified split

nixos

modules

security

acme.nix

+24 -17

nixos/modules/security/acme.nix

··· 13 description = '' 14 Where the webroot of the HTTP vhost is located. 15 <filename>.well-known/acme-challenge/</filename> directory 16 - will be created automatically if it doesn't exist. 17 <literal>http://example.org/.well-known/acme-challenge/</literal> must also 18 be available (notice unencrypted HTTP). 19 ''; ··· 46 allowKeysForGroup = mkOption { 47 type = types.bool; 48 default = false; 49 - description = "Give read permissions to the specified group to read SSL private certificates."; 50 }; 51 52 postRun = mkOption { ··· 77 extraDomains = mkOption { 78 type = types.attrsOf (types.nullOr types.str); 79 default = {}; 80 - example = { 81 - "example.org" = "/srv/http/nginx"; 82 - "mydomain.org" = null; 83 - }; 84 description = '' 85 Extra domain names for which certificates are to be issued, with their 86 own server roots if needed. ··· 140 description = '' 141 Attribute set of certificates to get signed and renewed. 142 ''; 143 - example = { 144 - "example.com" = { 145 - webroot = "/var/www/challenges/"; 146 - email = "foo@example.com"; 147 - extraDomains = { "www.example.com" = null; "foo.example.com" = "/var/www/foo/"; }; 148 - }; 149 - "bar.example.com" = { 150 - webroot = "/var/www/challenges/"; 151 - email = "bar@example.com"; 152 - }; 153 - }; 154 }; 155 }; 156 };

··· 13 description = '' 14 Where the webroot of the HTTP vhost is located. 15 <filename>.well-known/acme-challenge/</filename> directory 16 + will be created below the webroot if it doesn't exist. 17 <literal>http://example.org/.well-known/acme-challenge/</literal> must also 18 be available (notice unencrypted HTTP). 19 ''; ··· 46 allowKeysForGroup = mkOption { 47 type = types.bool; 48 default = false; 49 + description = '' 50 + Give read permissions to the specified group 51 + (<option>security.acme.group</option>) to read SSL private certificates. 52 + ''; 53 }; 54 55 postRun = mkOption { ··· 80 extraDomains = mkOption { 81 type = types.attrsOf (types.nullOr types.str); 82 default = {}; 83 + example = literalExample '' 84 + { 85 + "example.org" = "/srv/http/nginx"; 86 + "mydomain.org" = null; 87 + } 88 + ''; 89 description = '' 90 Extra domain names for which certificates are to be issued, with their 91 own server roots if needed. ··· 145 description = '' 146 Attribute set of certificates to get signed and renewed. 147 ''; 148 + example = literalExample '' 149 + { 150 + "example.com" = { 151 + webroot = "/var/www/challenges/"; 152 + email = "foo@example.com"; 153 + extraDomains = { "www.example.com" = null; "foo.example.com" = "/var/www/foo/"; }; 154 + }; 155 + "bar.example.com" = { 156 + webroot = "/var/www/challenges/"; 157 + email = "bar@example.com"; 158 + }; 159 + } 160 + ''; 161 }; 162 }; 163 };