From 9374ddb89523f6d77951445c5224b464d9ec198c Mon Sep 17 00:00:00 2001
From: Franz Pletz <fpletz@fnordicwalking.de>
Date: Sat, 12 Dec 2015 14:21:44 +0100
Subject: [PATCH] nixos/acme: validMin & renewInterval aren't cert-specific

---
 nixos/modules/security/acme.nix | 36 ++++++++++++++++-----------------
 1 file changed, 18 insertions(+), 18 deletions(-)

diff --git a/nixos/modules/security/acme.nix b/nixos/modules/security/acme.nix
index 37e4c2876231..37de46cb1a53 100644
--- a/nixos/modules/security/acme.nix
+++ b/nixos/modules/security/acme.nix
@@ -19,22 +19,6 @@ let
         '';
       };
 
-      validMin = mkOption {
-        type = types.int;
-        default = 30 * 24 * 3600;
-        description = "Minimum remaining validity before renewal in seconds.";
-      };
-
-      renewInterval = mkOption {
-        type = types.str;
-        default = "weekly";
-        description = ''
-          Systemd calendar expression when to check for renewal. See
-          <citerefentry><refentrytitle>systemd.time</refentrytitle>
-          <manvolnum>5</manvolnum></citerefentry>.
-        '';
-      };
-
       email = mkOption {
         type = types.nullOr types.str;
         default = null;
@@ -108,6 +92,22 @@ in
         '';
       };
 
+      validMin = mkOption {
+        type = types.int;
+        default = 30 * 24 * 3600;
+        description = "Minimum remaining validity before renewal in seconds.";
+      };
+
+      renewInterval = mkOption {
+        type = types.str;
+        default = "weekly";
+        description = ''
+          Systemd calendar expression when to check for renewal. See
+          <citerefentry><refentrytitle>systemd.time</refentrytitle>
+          <manvolnum>5</manvolnum></citerefentry>.
+        '';
+      };
+
       certs = mkOption {
         default = { };
         type = types.loaOf types.optionSet;
@@ -136,7 +136,7 @@ in
     systemd.services = flip mapAttrs' cfg.certs (cert: data:
       let
         cpath = "${cfg.directory}/${cert}";
-        cmdline = [ "-v" "-d" cert "--default_root" data.webroot "--valid_min" data.validMin ]
+        cmdline = [ "-v" "-d" cert "--default_root" data.webroot "--valid_min" cfg.validMin ]
                   ++ optionals (data.email != null) [ "--email" data.email ]
                   ++ concatMap (p: [ "-f" p ]) data.plugins
                   ++ concatLists (mapAttrsToList (name: root: [ "-d" (if root == null then name else "${name}:${root}")]) data.extraDomains);
@@ -186,7 +186,7 @@ in
         description = "timer for ACME cert renewal of ${cert}";
         wantedBy = [ "timers.target" ];
         timerConfig = {
-          OnCalendar = data.renewInterval;
+          OnCalendar = cfg.renewInterval;
           Unit = "acme-simp_le-${cert}.service";
         };
       })