acme: provide full nginx example

NixOS · Oct 21, 2016 · 2af7382 · grahamc · Oct 21, 2016 · 2af7382
1 parent 31c72ce
commit 2af7382
Showing 1 changed file with 20 additions and 0 deletions.
diff --git a/nixos/modules/security/acme.xml b/nixos/modules/security/acme.xml
@@ -74,7 +74,27 @@ options for the <literal>security.acme</literal> module.</para>
 </para>
 
 <programlisting>
+security.acme.certs."foo.example.com" = {
+  webroot = "/var/www/challenges";
+  email = "foo@example.com";
+  user = "nginx";
+  group = "nginx";
+  postRun = "systemctl restart nginx.service";
+};
 services.nginx.httpConfig = ''
+  server {
+    server_name foo.example.com;
+    listen [::]:80;
+
+    location /.well-known/acme-challenge {
+      root /var/www/challenges;
+    }
+
+    location / {
+      return 301 https://$host$request_uri;
+    }
+  }
+
   server {
     server_name foo.example.com;
     listen 443 ssl;