(lib.optionalString config.services.httpd.Inte.enable "systemctl reload httpdInte.service")
(lib.optionalString config.services.nginx.enable "systemctl reload nginx.service")
];
+ extraLegoRenewFlags = [ "--reuse-key" ];
};
description = "Default configuration for certificates";
};
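Review bot: The added `extraLegoRenewFlags = [ "--reuse-key" ];` in the certificate defaults turns off private-key rotation for every certificate that inherits these defaults, and nothing on the line says why. With `--reuse-key`, lego renews against the existing key, so a key that has leaked stays in service across renewals until someone replaces it by hand. If the flag is there for key pinning (TLSA/DANE records, for example; this is an assumption, the hunk does not say), a comment such as `# keep the key stable across renewals for <reason>; rotate manually after any suspected exposure` would record that. Setting the flag only on the certificates that need it would keep automatic rotation for the rest. The enclosing option definition starts outside the hunk.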
) config.security.acme.certs //
lib.attrsets.mapAttrs' (k: data:
lib.attrsets.nameValuePair "acme-${k}" {
+ after = lib.mkAfter [ "bind.service" ];
serviceConfig.ExecStartPre =
let
script = pkgs.writeScript "acme-pre-start" ''
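Review bot: `after = lib.mkAfter [ "bind.service" ];` only orders the unit and carries no comment explaining the dependency. `After=` neither pulls `bind.service` into the transaction nor waits for it to answer queries, and it is added for every certificate whether or not bind is enabled on the host. If the intent is that DNS validation goes through the local name server (an inference; the hunk does not show the challenge type), say so in a comment and consider guarding it, e.g. `after = lib.mkIf config.services.bind.enable (lib.mkAfter [ "bind.service" ]);`. The attribute set continues past the hunk.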
# https://github.com/NixOS/nixpkgs/issues/84633
serviceConfig.RemainAfterExit = lib.mkForce false;
serviceConfig.WorkingDirectory = lib.mkForce "/var/lib/acme/${k}/.lego";
- serviceConfig.StateDirectory = lib.mkForce "acme/${k}/.lego acme/${k}";
+ serviceConfig.StateDirectory = lib.mkForce "acme/${k}/.lego acme/${k} acme/.lego/${k} acme/.lego/accounts";
serviceConfig.ExecStartPost =
let
keyName = builtins.replaceStrings ["*"] ["_"] data.domain;
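Review bot: The new `StateDirectory` value lists `acme/.lego/accounts` in every `acme-${k}` unit, so the directory that presumably holds the ACME account keys is created and owned through each certificate's service, and no `StateDirectoryMode` is visible in this hunk. systemd's default for that setting is 0755, so it is worth confirming that a tighter mode is set elsewhere in the unit, e.g. `serviceConfig.StateDirectoryMode = "0750";` or stricter. `WorkingDirectory` still points at `/var/lib/acme/${k}/.lego` while the added entries use the `acme/.lego/${k}` layout. A short comment next to the issue link, saying which layout lego actually reads and why both are kept, would make the workaround easier to remove later. The attribute set continues past the hunk.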