dachxy/nix-conf
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Squash merge feat/mail-server into main

Browse source
This commit is contained in:
DACHXY 2025-07-14 16:18:20 +08:00
parent 14f4243aee
commit 06bcfe62ff
21 changed files with 973 additions and 67 deletions
Download patch file Download diff file Expand all files Collapse all files

16
system/modules/certbot.nix
View file

@ -1,4 +1,9 @@
{ pkgs, ... }:
{
pkgs,
lib,
config,
...
}:
{
systemd.timers."certbot-renew" = {
enable = true;
@ -11,7 +16,7 @@
wantedBy = [ "timers.target" ];
};
systemd.timers."certbot-nginx-reload" = {
systemd.timers."certbot-nginx-reload" = lib.mkIf config.services.nginx.enable {
enable = true;
description = "certbot renew";
timerConfig = {
@ -24,8 +29,7 @@
systemd.services."certbot-renew" = {
enable = true;
after = [
"nginx.service"
after = (if config.services.nginx.enable then [ "nginx.service" ] else [ ]) ++ [
"network.target"
];
environment = {
@ -33,11 +37,11 @@
};
serviceConfig = {
ExecStart = ''${pkgs.certbot}/bin/certbot renew --no-random-sleep-on-renew --force-renewal'';
ExecStartPost = "${pkgs.busybox}/bin/chown nginx:nginx -R /etc/letsencrypt";
ExecStartPost = lib.mkIf config.services.nginx.enable "${pkgs.busybox}/bin/chown nginx:nginx -R /etc/letsencrypt";
};
};
systemd.services."nginx-config-reload" = {
systemd.services."nginx-config-reload" = lib.mkIf config.services.nginx.enable {
after = [ "certbot-renew.service" ];
wantedBy = [ "certbot-renew.service" ];
serviceConfig = {