acme: Add "domain" option to separate domain from name #24745

Merged
merged 1 commit into from Apr 11, 2017

edanaher
Contributor

@edanaher edanaher commented Apr 8, 2017

Motivation for this change

#24731. I want to be able to have separate certificates for different services (SMTP, XMPP, IMAP, HTTP, etc.) Aside from a general sense that this is the Right Way to do things, some of these services run as different users/groups, and it's thus difficult to generate a single certificate they can all read.

With the domain option, I can use the following (taken directly from my config) to create a separate certificate for each service:

    security.acme.certs."prosody-kdf.sh" = {
      domain = "kdf.sh";
      group = "prosody";
      allowKeysForGroup = true;
      webroot = config.security.acme.certs."kdf.sh".webroot;
    };

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option build-use-sandbox in nix.conf on non-NixOS)
  • Built on platform(s)
    • NixOS
    • macOS
    • Linux
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nox --run "nox-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Fits CONTRIBUTING.md.

@mention-bot

@edanaher, thanks for your PR! By analyzing the history of the files in this pull request, we identified @fpletz, @abbradar and @bobvanderlinden to be potential reviewers.

@aneeshusa
Contributor

I have a very similar patch locally to be able to get separate certs for Nginx and Postgres, +1 from me.

@fpletz fpletz added this to the 17.09 milestone Apr 11, 2017
@fpletz fpletz merged commit e3559c2 into NixOS:master Apr 11, 2017