clanModules: Add acme secret prompt for nginx

checks/matrix-synapse/default.nix

@@ -22,8 +22,9 @@
               enableACME = lib.mkForce false;
               forceSSL = lib.mkForce false;
             };
+            security.acme.defaults.email = "admin@clan.test";
             clan.matrix-synapse.domain = {
-              server = "clan.test";
+              server = "matrix.clan.test";
               client = "element.clan.test";
             };
             clan.matrix-synapse.users.admin.admin = true;

clanModules/nginx/default.nix

@@ -1,4 +1,7 @@
 { config, lib, ... }:
+let
+  nginx_acme_email = "nginx-acme";
+in
 {
 
   imports = [
@@ -10,6 +13,23 @@
 
   ];
   config = {
+
+    clan.core.facts.services."${nginx_acme_email}" = {
+      public."${nginx_acme_email}" = { };
+      generator.prompt = "Please enter your email address for Let's Encrypt certificate generation";
+
+      generator.script = ''
+        echo -n $prompt_value | tr -d "\n" > "$facts"/${nginx_acme_email}
+      '';
+    };
+    security.acme.acceptTerms = true;
+    security.acme.defaults.email = lib.mkDefault (
+      let
+        path = config.clan.core.facts.services."${nginx_acme_email}".public."${nginx_acme_email}".path;
+      in
+      if builtins.pathExists path then builtins.readFile path else null
+    );
+
     networking.firewall.allowedTCPPorts = [
       443
       80

docs/mkdocs.yml

@@ -59,6 +59,8 @@ nav:
           - reference/clanModules/borgbackup.md
           - reference/clanModules/deltachat.md
           - reference/clanModules/dyndns.md
+          - reference/clanModules/nginx.md
+          - reference/clanModules/vaultwarden.md
           - reference/clanModules/ergochat.md
           - reference/clanModules/garage.md
           - reference/clanModules/golem-provider.md