nixos/acme: Add defaults and inheritDefaults option

Allows configuring many default settings for certificates, all of which can still be overridden on a per-cert basis. Some options have been moved into .defaults from security.acme, namely email, server, validMinDays and renewInterval. These changes will not break existing configurations thanks to mkChangedOptionModule. With this, it is also now possible to configure DNS-01 with web servers whose virtualHosts utilise enableACME. The only requirement is you set `acmeRoot = null` for each vhost. The test suite has been revamped to cover these additions and also to generally make it easier to maintain. Test config for apache and nginx has been fully standardised, and it is now much easier to add a new web server if it follows the same configuration patterns as those two. I have also optimised the use of switch-to-configuration which should speed up testing.
2025-07-13 13:40:28 +03:00 · 2021-11-28 17:03:31 +00:00 · 2021-11-28 17:03:31 +00:00 · 377c6bcefc
commit 377c6bcefc
parent a7f0001328
8 changed files with 536 additions and 436 deletions
--- a/nixos/modules/services/web-servers/apache-httpd/vhost-options.nix
+++ b/nixos/modules/services/web-servers/apache-httpd/vhost-options.nix
@ -128,9 +128,12 @@ in
    };

    acmeRoot = mkOption {
-      type = types.str;
+      type = types.nullOr types.str;
      default = "/var/lib/acme/acme-challenge";
-      description = "Directory for the acme challenge which is PUBLIC, don't put certs or keys in here";
+      description = ''
+        Directory for the acme challenge which is PUBLIC, don't put certs or keys in here.
+        Set to null to inherit from config.security.acme.
+      '';
    };

    sslServerCert = mkOption {