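Certificate specs as described by https://github.com/cloudflare/certmgr#certificate-specs. These will be added to the Nix store, so they will be world-readable; refer to secret material such as private keys by path, as the example below does, rather than embedding it in a spec.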
Declarations
Type
attribute set of (path or (submodule))
Default
{ }
Example
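{
  # Inline spec (submodule form). Everything written here is copied into the
  # Nix store and is therefore world-readable, so it holds only paths and
  # request metadata, never key material.
  exampleCert =
    let
      domain = "example.com";
      # Builds a runtime path under /var/lib/secrets, which is outside the
      # Nix store. Only the path string ends up in the spec.
      secret = name: "/var/lib/secrets/${name}.pem";
    in {
      # Service that certmgr acts on, and the action it takes, once the
      # certificate has been (re)issued.
      service = "nginx";
      action = "reload";

      authority = {
        # Location of the CA certificate file.
        file.path = secret "ca";
      };

      certificate = {
        path = secret domain;
      };

      private_key = {
        # Restrict the key file to root. The consuming service must be able
        # to read it with these permissions (e.g. it opens the key before
        # dropping privileges); verify this for the service in use.
        owner = "root";
        group = "root";
        mode = "0600";
        path = secret "${domain}-key";
      };

      request = {
        CN = domain;
        hosts = [ "mail.${domain}" "www.${domain}" ];
        key = {
          algo = "rsa";
          # 2048 bits is the usual minimum for RSA keys.
          size = 2048;
        };
        names = {
          O = "Example Organization";
          # X.509 countryName is a two-letter ISO 3166-1 code; a
          # three-letter value such as "USA" is not a valid country name
          # and may be rejected by strict CAs or parsers.
          C = "US";
        };
      };
    };

  # Path form: point at an existing JSON spec file instead of declaring the
  # spec inline.
  otherCert = "/var/certmgr/specs/other-cert.json";
}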